UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DCCS-2 Configuration Specifications


Overview

A DoD reference document such as a security technical implementation guide or security recommendation guide constitutes the primary source for security configuration or implementation guidance for the deployment of newly acquired IA- and IA-enabled IT products that require use of the product's IA capabilities. If a DoD reference document is not available, the system owner works with DISA or NSA to draft configuration guidance for inclusion in a Departmental reference guide.

MAC / CONF Impact Subject Area
MACI
MACII
High Security Design and Configuration

Details

Threat
Default configuration settings and parameters are often times not the most secure.  Security vulnerabilities can be exploited by malicious individuals causing severe damage to DoD computing environments.  Adhering to the latest security technical implementation guide or security recommendation provides organizations a higher degree of assurance that products are secure.

Guidance
1. Refer to the system security architecture document (or a similar document that outlines the various system components security configuration requirements) to identify each configurable system component .
2. Identify the operating system or major software feature of each component that requires configuration.
3. Using the DIACAP Knowledge Base or other repository, access the appropriate DISA STIG for the operating system, software application, or device.
4. Follow the STIG’s manual or automated configuration guidance for the operating system, software application, or device.
5. If a DISA STIG or other DoD-issued configuration guidance is not available, contact DISA or NSA for developmental guidance.*
 
* Note: This requirement is more stringent than DCCS-1

References

  • Refer to application-specific DoD, DISA, & NSA STIG
  • DoDI 8551.1, Ports, Protocols, and Services Management (PPSM), 13 August 2004
  • DoDI 8500.2, Information Assurance (IA) Implementation, para. E3.2.4, E3.2.6, 06 February 2003