A DoD reference document such as a security technical implementation guide or security recommendation guide constitutes the primary source for security configuration or implementation guidance for the deployment of newly acquired IA- and IA-enabled IT products that require use of the product's IA capabilities. If a DoD reference document is not available, the system owner works with DISA or NSA to draft configuration guidance for inclusion in a Departmental reference guide.
MAC / CONF | Impact | Subject Area |
---|---|---|
MACI, MACII | High | Security Design and Configuration |
Threat |
---|
Default configuration settings and parameters are often not the most secure. Security vulnerabilities can be exploited by malicious individuals, causing severe damage to DoD computing environments. Adhering to the latest security technical implementation guide or security recommendation provides organizations a higher degree of assurance that products are secure. |
Guidance |
---|
1. Refer to the system security architecture document (or a similar document that outlines the various system components' security configuration requirements) to identify each configurable system component. 2. Identify the operating system or major software feature of each component that requires configuration. 3. Using the DIACAP Knowledge Base or other repository, access the appropriate DISA STIG for the operating system, software application, or device. 4. Follow the STIG's manual or automated configuration guidance for the operating system, software application, or device. 5. If a DISA STIG or other DoD-issued configuration guidance is not available, contact DISA or NSA for developmental guidance.* *Note: This requirement is more stringent than DCCS-1. |