STS Systems Support, LLC (SSS) is pleased to offer an intensive 5-day STIG/Hardening Workshop for personnel who must understand, implement, maintain, address and transition to the National Institute of Standards and Technology (NIST) SP 800-53 Rev. 4 (soon Rev. 5) security controls, and who must understand the associated assessment procedures defined by the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and the SP 800-53A assessment procedures. The STIGs contain technical guidance to "lock down" information systems and software that might otherwise be vulnerable to attack. Using the STIGs together with the Security Content Automation Protocol (SCAP) allows administrators to harden their architecture and meet the security control requirements defined in SP 800-53 Rev. 4 (soon Rev. 5), as required by the Risk Management Framework (RMF) process.

Although this hardening process has been in use for many years, organizations still struggle to understand how critical the STIGs are to the compliance process, how time-consuming they can be, and how they are actually performed. Communication and transfer of information system compliance evidence between administrators and managers can be strained. System Administrators have root access to the information systems but little insight into the RMF process and what is required to keep the system approved, running and documented. Information System Security Managers are required to report on system security posture in accordance with (IAW) RMF process directives but lack the root access needed to gather information system evidence on their own. This dilemma can delay accreditation efforts, resulting in additional costs as well as deteriorating continuity within the organization.
Module 1:
• The need to protect our information systems
• Target audience and key players/responsibilities
• Defining STIGs/SCAP purpose and applicability
• Q&A/End of Module 1 Exercise(s)

Module 2: SCAP/STIG Fundamentals
• STIG/SCAP hardening methodology
• Defining DISA CCIs (Control Correlation Identifiers) and their purpose
• Master assessment datasheet / RMF core deliverables
• STIG/SCAP best practices
• Q&A/End of Module 2 Exercise(s)

Module 3: SCAP/STIG Advanced
• STIG/SCAP deep dive: instructor show and tell
• SCAP deep dive: instructor show and tell
• Creating system backups
• Group Policy and registry settings
• Performing SCAP scans
• Evaluating SCAP results
• Q&A/End of Module 3 Exercise(s)

Module 4: The Process—Part 2: SCAP/STIG Hardening
• Importing SCAP results into STIG Viewer
• Evaluating system vulnerabilities and correcting them
• Making changes to system registry and Group Policy settings
• STIG/SCAP classroom practice with instructor
• Q&A/End of Module 4 Exercise(s)

Module 5: Social Motivation, Influence Strategies, Penetration Testing Methodology
• Social motivation as it relates to STIGs/SCAP
• Influence strategies as they relate to STIGs/SCAP
• Key concepts for improving efficiencies in the RMF process
• Penetration testing module
• Course wrap-up
• Q&A/End of Course Exercise