Topics such as STIG Content, STIG Development, STIG Tools, and Best Practices are discussed. Demonstrations of STIG Viewer, SCAP Compliance Checker (SCC), and STIG implementation will be conducted to provide the students with a real world understanding of the STIG process. The development process will also be covered to give students an idea of where STIGs come from, who creates them, and how they get published. This one-day course is suitable for anyone wishing to gain insight into STIG content and process. It is ideally suited to those with limited exposure to STIGs or even none at all! The course will be taught via Online Personal ClassroomTM. This is a fully interactive, instructor-led experience. There will be an initial informational section that introduces the concepts and best practices then we will move to the screensharing capability to demo the various tools that are available. We all demo SCC, STIG viewer, and other tools while giving an overall approach to best practices. Specific pain points for students will be addressed, provided that it's feasible and within the scope of the course. The biggest benefit from the class will be getting a process down to manage the often-cumbersome task of STIGing your machines from the initial configuration through the quarterly STIG update process.
- Review of the SCA role in RMF
- SCA Criteria and Requirements
- Assessing Controls
- The Process,Managerial Control Reviews
- Technical Control Reviews
- Operational Control Reviews
- SCA Reporting