DISA STIGs Comprehensive Curriculum

Subject: DISA STIGs Comprehensive Curriculum

41 chapters

Chapters

  1. 1 What Are STIGs?
    american primitivism 2-step, swing roots reggae, barbershop breakbeat · 3:39
    Learn how the Defense Information Systems Agency (DISA) creates Security Technical Implementation Guides (STIGs) to establish mandatory cybersecurity standards for Pentagon and Department of Defense computer systems. Discover why these comprehensive rulebooks are essential for properly configuring and securing military networks against cyber threats.
  2. 2 The STIG Ecosystem
    crunk swamp blues, korean afrobeat, acid rock p-funk, piano afro-rock · 4:13
    Explore how DoD security frameworks interconnect, learning the foundational role of DoD Instructions 8500.01 and 8510.01 in establishing cybersecurity policy and Risk Management Framework protocols that support STIG implementation.
  3. 3 Key Terminology
    american primitivism 2-step, swing roots reggae, barbershop breakbeat · 3:34
    Learn the essential vocabulary of cybersecurity compliance as this high-energy track breaks down STIG terminology and the foundational language used in system security scanning and implementation guides.
  4. 4 Severity Categories Explained
    american primitivism 2-step, swing roots reggae, barbershop breakbeat · 3:39
    Learn how DISA STIG's four-tier severity classification system prioritizes cybersecurity vulnerabilities from immediate threats to lower-risk issues. Discover how each category determines your response timeline and helps protect data confidentiality, integrity, and availability from potential breaches.
  5. 1 SRG-to-STIG Hierarchy
    bubblegum dance, alt-country dubstep · 4:03
    Learn how cybersecurity standards flow from high-level NIST 800-53 controls down through the DISA hierarchy to create specific, actionable STIGs for individual products. Discover why broad security controls need this systematic breakdown to become practical implementation guidance that organizations can actually follow.
  6. 2 STIG Document Structure
    reggaeton, choral country, acoustic acid rock, new orleans house · 3:41
    Learn the nine essential components that make up every DISA STIG document, from Group Titles and Rule Titles to STIG IDs and severity categorizations. Master the standardized structure that security professionals use to navigate and implement these critical cybersecurity guidelines.
  7. 3 Major STIG Categories
    reggaeton, choral country, acoustic acid rock, new orleans house · 3:47
    Learn about DISA's three essential STIG categories that provide critical security configuration guidance for operating systems like Windows, Linux, Red Hat, Ubuntu, and SUSE. This energetic musical lesson breaks down the foundational framework that cybersecurity professionals use to protect systems across different platforms.
  8. 1 Obtaining STIGs
    american primitivism 2-step, swing roots reggae, barbershop breakbeat · 3:31
    Learn how to access and download DISA's Security Technical Implementation Guides (STIGs) from the official public website without requiring any account registration. This foundational lesson covers navigating to the cyber.mil portal to obtain these critical security configuration standards that serve as the cornerstone for system hardening and compliance.
  9. 2 STIG Viewer
    disco alternative r&b, techno bossa nova · 3:13
    Learn how to use STIG Viewer software to import security standards, convert XCCDF files into organized checklists, and create structured CKL files for streamlined compliance assessments.
  10. 3 SCAP and Automated Assessment
    bubblegum dance, alt-country dubstep · 3:44
    Learn how the Security Content Automation Protocol (SCAP) transforms manual STIG compliance checking into automated assessments using machine-readable benchmarks and OVAL definitions. Discover how this powerful automation framework dramatically speeds up security evaluation processes while maintaining accuracy and standardization.
  11. 4 STIG Assessment Workflow
    american primitivism 2-step, swing roots reggae, barbershop breakbeat · 4:17
    Learn the essential eight-step STIG assessment workflow that security professionals use to systematically evaluate and secure systems from initial scoping through final reporting. Master the structured approach that ensures no critical security elements are overlooked during comprehensive system assessments.
  12. 1 Windows Server STIG
    disco alternative r&b, techno bossa nova · 3:11
    Learn essential Windows Server security hardening techniques including password policy configuration, account lockout settings, and inactive account management to create a robust defense against cyber threats. This comprehensive guide covers the foundational DISA STIG requirements that every system administrator needs to implement for secure server deployment.
  13. 2 RHEL / Linux STIG
    crunk swamp blues, korean afrobeat, acid rock p-funk, piano afro-rock · 3:33
    Learn essential RHEL and Linux hardening techniques through DISA STIG requirements, covering file permissions, access controls, and root privilege management to secure your systems against unauthorized access and privilege escalation attacks.
  14. 3 Network Device STIGs
    american primitivism 2-step, swing roots reggae, barbershop breakbeat · 3:39
    Network administrators discover essential DISA STIG security configurations that apply universally across routers, switches, and firewalls, with special focus on robust authentication protocols like TACACS and RADIUS. Learn the fundamental security principles that form the backbone of any properly hardened network infrastructure.
  15. 4 Database STIGs
    mandarin afrobeat, psychedelic house · 4:41
    Learn the four essential database security controls that form the foundation of DISA STIG compliance, covering authentication protocols, least privilege principles, role separation strategies, and access management best practices for protecting sensitive data systems.
  16. 5 Cloud STIGs and SRGs
    bubblegum dance, alt-country dubstep · 3:56
    Learn the five critical DISA security guides that form the backbone of cloud infrastructure protection, from foundational FedRAMP baselines to specialized DoD standards that ensure robust cybersecurity across scalable cloud environments.
  17. 1 Where STIGs Fit in the RMF
    mandarin afrobeat, psychedelic house · 3:41
    Learn how Security Technical Implementation Guides (STIGs) integrate into the Risk Management Framework's six-step process, specifically their crucial role in step three implementation and step four assessment phases. Discover how system categorization drives STIG selection and how Security Requirements Guides (SRGs) connect to create a comprehensive cybersecurity approach.
  18. 2 STIGs and the ATO Package
    reggaeton, choral country, acoustic acid rock, new orleans house · 3:36
    Learn how to construct a comprehensive ATO (Authority to Operate) package by weaving together STIG compliance results across four essential security documents. Discover the critical components including Security Assessment Reports, scan results, and both manual and automated testing requirements needed for system authorization.
  19. 3 Continuous Monitoring and STIGs
    bubblegum dance, alt-country dubstep · 3:33
    Learn how to maintain DISA STIG compliance after system authorization through automated SCAP scanning schedules, quarterly updates, and continuous monitoring procedures that keep your security posture current. Discover the essential post-Authorization to Operate (ATO) processes that ensure ongoing compliance and system security health.
  20. 1 Hardening Approaches
    mandarin afrobeat, psychedelic house · 3:58
    Learn the four fundamental approaches to system hardening, from creating gold image templates to implementing Infrastructure as Code and security policies that form the foundation of robust cybersecurity defense. This comprehensive overview establishes the essential baseline strategies every security professional needs to protect systems from the ground up.
  21. 2 Automation Resources
    disco alternative r&b, techno bossa nova · 3:36
    Discover essential automation tools and resources from DISA that transform tedious manual security compliance checks into streamlined, efficient processes. Learn about SCAP content, official benchmarks, and automated hardening guides that work around the clock to maintain your system's security posture.
  22. 3 Handling Exceptions and Waivers
    disco alternative r&b, techno bossa nova · 3:53
    Learn the critical process of managing STIG exceptions and waivers when security requirements conflict with mission-critical operations or technical constraints. Discover how to properly document, justify, and obtain approval for deviations while maintaining an acceptable risk posture.
  23. 4 Common Implementation Pitfalls
    crunk swamp blues, korean afrobeat, acid rock p-funk, piano afro-rock · 3:56
    Learn to avoid the most frequent mistakes that derail STIG implementations, from blindly checking compliance boxes without testing to breaking critical legacy systems with hasty configuration changes. Discover why thorough planning and systematic testing are essential for successful security compliance without operational disasters.
  24. 1 STIGs ↔ CMMC
    reggaeton, choral country, acoustic acid rock, new orleans house · 3:16
    Explore the fundamental connection between DISA STIGs and CMMC certification requirements, learning how both frameworks share the same NIST control foundations to create a unified approach to cybersecurity compliance across all three CMMC levels.
  25. 2 STIGs ↔ FedRAMP
    crunk swamp blues, korean afrobeat, acid rock p-funk, piano afro-rock · 4:11
Explore the intricate relationship between DISA STIGs and FedRAMP security frameworks, discovering how both stem from NIST 800-53 but serve different government needs: FedRAMP focuses on cloud provider authorization, while STIGs provide the enhanced security controls required for Department of Defense environments.
  26. 3 STIGs ↔ NIST Cybersecurity Framework (CSF)
    mandarin afrobeat, psychedelic house · 3:32
    Learn how DISA STIGs and the NIST Cybersecurity Framework work together, with STIGs providing detailed technical configuration rules while NIST CSF offers the broader strategic vision for comprehensive cyber defense. Discover how these two essential frameworks complement each other to create a unified approach to organizational cybersecurity.
  27. 4 STIGs ↔ CIS Benchmarks
    reggaeton, choral country, acoustic acid rock, new orleans house · 4:05
    Learn how DISA STIGs and CIS Benchmarks work together as complementary security frameworks, exploring their overlapping approaches to system hardening and the progression from CIS's broad foundational controls to more granular security requirements.
  28. 5 STIGs and the Canadian Context (CPCSC / ITSG-33)
    disco alternative r&b, techno bossa nova · 3:32
    Learn how DISA STIGs apply in Canadian defense contexts and discover how Canada's ITSG-33 risk management framework parallels NIST standards while maintaining distinct national security requirements for cross-border data flows and defense contracts.
  29. 1 Lab 1 — STIG Viewer Orientation
    bubblegum dance, alt-country dubstep · 2:29
    Learn how to download, install, and navigate the STIG Viewer tool from public.cyber.mil to begin your cybersecurity compliance journey. This hands-on lab walks you through setting up the essential software that will become your daily companion for security assessments and STIG implementation.
  30. 2 Lab 2 — Automated SCAP Scanning
    reggaeton, choral country, acoustic acid rock, new orleans house · 3:27
    Learn how to set up and configure automated SCAP scanning tools like SCC and OpenSCAP to streamline STIG compliance checking. Discover the step-by-step process for downloading benchmarks from DISA and ensuring proper version matching for accurate security assessments.
  31. 3 Lab 3 — Manual STIG Assessment
    mandarin afrobeat, psychedelic house · 4:20
    Learn hands-on manual assessment techniques as you work through ten unreviewed STIG findings, using checklists and check content guides to properly evaluate security compliance. This practical lab builds essential skills for conducting thorough manual security assessments when automated tools fall short.
  32. 4 Lab 4 — STIG Remediation
    reggaeton, choral country, acoustic acid rock, new orleans house · 4:49
    Learn hands-on STIG remediation techniques by working through ten critical security findings, discovering how to systematically address high and medium risk vulnerabilities using proper fix text procedures. Master the step-by-step process of transforming security weaknesses into compliant, hardened systems through practical laboratory exercises.
  33. 5 Lab 5 — Gold Image Hardening
    bubblegum dance, alt-country dubstep · 3:29
    Learn the essential process of creating hardened gold images for Windows and Red Hat servers, transforming fresh systems into STIG-compliant baseline templates ready for secure deployment across your network infrastructure.
  34. 6 Lab 6 — Ansible STIG Automation
    crunk swamp blues, korean afrobeat, acid rock p-funk, piano afro-rock · 3:29
    Learn to implement DISA STIG compliance automation by cloning and customizing Ansible roles for RHEL 8 systems. Discover how to configure variables and deploy Infrastructure as Code solutions that streamline security hardening across your enterprise environment.
  35. 1 STIG for Containers and Kubernetes
    bubblegum dance, alt-country dubstep · 4:08
    Learn essential DISA STIG security requirements for containerized environments, covering Docker daemon hardening, image scanning protocols, and vulnerability management practices that ensure compliant Kubernetes deployments.
  36. 2 STIG for DevSecOps Pipelines
    bubblegum dance, alt-country dubstep · 3:07
    Learn how to integrate DISA STIG compliance directly into your DevSecOps pipelines through shift-left security practices and automated scanning gates. Discover the essential steps for building robust security checkpoints that catch vulnerabilities early in the development process rather than waiting for runtime detection.
  37. 3 Zero Trust Architecture and STIGs
    disco alternative r&b, techno bossa nova · 4:04
    Explore how Zero Trust security architecture works hand-in-hand with DISA STIGs to create a robust "never trust, always verify" approach that validates every user and device before granting access. Learn the fundamental principles of implementing Zero Trust frameworks using STIG hardening guidelines to protect critical systems and data.
  38. 4 STIG Governance and Program Management
    bubblegum dance, alt-country dubstep · 4:02
    Learn how organizations implement comprehensive STIG governance frameworks and program management strategies to monitor compliance across enterprise systems through automated dashboards and risk visualization tools. Discover the essential processes for tracking security posture and identifying vulnerabilities at scale in complex IT environments.
  39. 1 Official Resources
    reggaeton, choral country, acoustic acid rock, new orleans house · 3:41
    Learn where to find the essential cybersecurity resources that form the foundation of system security, including DISA's official repositories and NIST frameworks. Discover the four critical resource locations every security professional must know to access authoritative STIGs, SRGs, and bulletproof documentation.
  40. 2 Relevant Certifications
    bubblegum dance, alt-country dubstep · 3:45
Discover how the CompTIA Security+ certification provides the essential foundation for your STIG journey, covering core security principles like confidentiality, integrity, and authentication. Learn why this certification serves as the crucial stepping stone that opens doors to advanced security implementations and controls.
  41. 3 Community and Training
    mandarin afrobeat, psychedelic house · 4:11
    Learn how to access essential DISA STIG training resources through the DoD Cyber Exchange, discovering workforce development tools and training modules that build cybersecurity expertise from basic concepts to advanced implementation techniques.