DISA-STIG on Ubuntu
Comply with the DISA Security Technical Implementation Guide
Security Technical Implementation Guides (STIG) are developed by the Defense Information System Agency (DISA) for the U.S. Department of Defense (DoD). Ubuntu Pro and Ubuntu Advantage have the necessary certifications and controls to comply with DISA-STIG guidelines on Linux.Contact us Get Ubuntu Advantage
How does Ubuntu enable your compliance with FIPS, and DISA-STIG?
Learn about the US government security standards and the common challenges faced by organisations in their implementation. See how the Ubuntu Security Guide can transform systems compliance in a few minutes. Get to know how Ubuntu is a secure platform for government agencies and complying organisations to build, operate and innovate with open source applications and technologies.Contact us
What is DISA-STIG?
The Defense Information System Agency (DISA) is a US Department of Defense combat support agency. It provides and operates information infrastructure to support military operations and national-level leadership. The Security Technical Implementation Guide (STIG) is a configuration standard consisting of guidelines for hardening systems to improve a system’s security posture. It can be seen as a checklist for securing protocols, services, or servers to improve the overall security by reducing the attack surface.
DISA-STIG for Ubuntu
Together with Canonical, DISA has developed STIGs for Ubuntu. The U.S. DoD provides the STIG checklist, which can be viewed using STIG viewer, and SCAP content for auditing. The versions of Ubuntu that have STIGs available by DISA are marked on the table below.
|Ubuntu 16.04 LTS||Ubuntu 18.04 LTS||Ubuntu 20.04 LTS|
||Defense Information System Agency Security Technical Implementation Guides (STIGs) for Ubuntu||
||Yes: Tooling and automation|
- Configuration guide
- Yes Tooling and automation
How to audit and comply with DISA-STIG?
Using the Ubuntu Security Guide auditing is as simple as:
sudo usg audit disa_stig
and get the report in machine readable or browser friendly format.
Using the Ubuntu Security Guide applying the necessary rules for compliance is as simple as:
sudo usg fix disa_stig