Jake Dean edited this page Aug 13, 2021 · 7 revisions

The STIG Repository Module Overview

What is the StigRepo module?

The StigRepo module accelerates cloud readiness and system hardening by building a repository that automates and customizes configurations compliant with the Security Technical Implementation Guides (STIGs) owned and released by the Defense Information Systems Agency (DISA). StigRepo identifies the systems in your Active Directory and/or Azure environment, determines which software needs to be secured according to STIG requirements/recommendations, and builds a customizable infrastructure as code (IaC) repository. That repository leverages PowerSTIG to automate enforcement and/or monitoring of STIG compliance so your systems remain secured, and it generates documentation to report compliance through STIG Checklists.

STIG Repository Structure

StigRepo organizes the repository to deploy and document STIG compliance using the folders listed below:

Systems

  • Container for System Data generated by the StigRepo module.
  • Contains a folder for each identified Organizational Unit in Active Directory and a PowerShell data file for each identified system.
  • System Data files are custom-built for each system depending on Operating System and installed software/role/features.

Configurations

  • Contains default PowerSTIG configuration scripts that leverage system data parameters to customize configs for individual systems.
  • Custom DSC Configurations can be built, added to the Configurations folder, and applied to target systems.

Artifacts

  • Consumable items produced by StigRepo.
  • By default, DscConfigs, MOFs, and STIG Checklists generated by StigRepo will be placed in this folder.

Resources

  • The resources folder contains the resources your STIG Repository needs to enforce and audit STIG compliance.
  • By default, there are three subfolders under the resources folder:
    • Modules: Contains PowerSTIG and all DSC module dependencies. Modules in this folder will be synced across all target systems.
    • StigData: DISA STIG documents (XCCDFs), Organizational Settings, and Manual Check files.
    • Wiki: Packaged markdown wiki that can be imported into an Azure DevOps and/or a GitHub project.

PowerSTIG

The StigRepo module builds out your repository and leverages the PowerSTIG module to drive the actual STIG automation. As new STIGs are released by DISA, new PowerSTIG module versions are published to cover any new security requirements. To keep your repository and compliance up to date, all you have to do is update the PowerSTIG module and ensure that any customizations (STIG Exceptions/SkipRules) line up with what is in the new STIG as required.
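
One way to check that recorded SkipRules and Exceptions still point at rules present in a newly released STIG, shown as an added example (not StigRepo or PowerSTIG code). The function name `Test-StigCustomization`, the layout of `$customizations`, the XCCDF fragment, and every V-ID are constructed for illustration.

```powershell
# Added example with constructed data; names here are hypothetical, not StigRepo's.
# Minimal XCCDF fragment standing in for a newly released DISA STIG (constructed).
[xml]$newStig = @'
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="Constructed_Sample_STIG">
  <Group id="V-000001"><Rule id="SV-000001r1_rule" severity="high"/></Group>
  <Group id="V-000002"><Rule id="SV-000002r1_rule" severity="medium"/></Group>
  <Group id="V-000004"><Rule id="SV-000004r1_rule" severity="low"/></Group>
</Benchmark>
'@

# Customizations as they might be recorded for one system (assumed layout).
$customizations = @{
    SkipRule  = @('V-000002', 'V-000003')
    Exception = @{
        'V-000001' = @{ ValueData = '1' }
        'V-000005' = @{ ValueData = '0' }
    }
}

function Test-StigCustomization {
    param(
        [Parameter(Mandatory)] [xml]       $Xccdf,
        [Parameter(Mandatory)] [hashtable] $Customization
    )
    # Vulnerability IDs defined by the benchmark (the id attribute of each Group).
    $known = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($group in $Xccdf.Benchmark.Group) { [void]$known.Add($group.id) }

    # Flatten SkipRule entries and Exception keys into one list of references.
    $refs = @()
    foreach ($id in $Customization.SkipRule)       { $refs += @{ Type = 'SkipRule';  Id = $id } }
    foreach ($id in $Customization.Exception.Keys) { $refs += @{ Type = 'Exception'; Id = $id } }

    foreach ($ref in $refs) {
        [pscustomobject]@{
            Type      = $ref.Type
            RuleId    = $ref.Id
            InNewStig = $known.Contains($ref.Id)
        }
    }
}

# Report customizations that reference rules missing from the new STIG.
Test-StigCustomization -Xccdf $newStig -Customization $customizations |
    Where-Object { -not $_.InNewStig } |
    Sort-Object Type, RuleId
```

A customization that no longer matches a rule in the new STIG is worth reviewing before the next compile: the finding may have been renumbered or merged, and the original risk acceptance may not carry over.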

Learn more about PowerSTIG by visiting the PowerSTIG wiki on GitHub.