Stig Viewer
10161 Park Run Drive, Suite 150 Las Vegas, Nevada 89145. PHONE 702.776.9898 FAX 866.924.3791 info@unifiedcompliance.com. Thanks everybody for clarification. We have found that the expected workflow for STIG Viewer support is: 1) run oscap with data stream from scap-security-guide package and -stig-viewer option 2) open DISA STIG from DISA's website in DISA STIG Viewer 3) import file produced by oscap -stig-viewer to DISA STIG Viewer This workflow works in RHEL 7.
STIG Viewing Tools
XCCDF formatted SRGs and STIGs are intended be ingested into an SCAP validated tool for use in validating compliance of a Target of Evaluation (TOE). As such, getting to the content of a XCCDF formatted STIG to read and understand the content is not as easy as opening a .doc or .pdf file and reading it. The process can be a little confusing and trying. Below are tools which can be used to view the STIGs and a Whitepaper describing the STIG Viewing processes.
DISA STIG Viewer accepts the result file and associates the Rules correctly. But it shows warnings that are confusing: Discussing with @WesleyCeraso, looks like these. Aug 07, 2017 The Navy Testing Guidance says, 'The NQV must import XCCDF results of an SCC scan into the STIG Viewer for integration with the complete STIG.' So I don't think there's a lot of value in importing any SCAP STIG results directly into Vulnerator.
DISA has produced standalone versions of STIG Viewer for the Windows, Linux, and macOS platforms on 64-bit x86 processors. With the end of free support for Java 8 in early 2019, Oracle Corporation changed the licensing and distribution model for Java software. Users without supported Java 8 SE environments should use the standalone versions of STIG Viewer. Users with supported Java 8 SE environments may still use the current JAR file. DISA will base future STIG Viewer development on open-source software developed by the OpenJDK and OpenJFX projects.
| Title | Size | Updated |
|---|---|---|
| STIG Viewer User Guide (May 2021) | 1.86 MB | 22 Apr 2021 |
| STIG Viewer 2.14 Hashes | 1.36 KB | 22 Apr 2021 |
| STIG Viewer 2.14-Mac | 62.15 MB | 22 Apr 2021 |
| STIG Viewer 2.14-Linux | 71.57 MB | 22 Apr 2021 |
| STIG Viewer 2.14-Win64 | 61.03 MB | 22 Apr 2021 |
| STIG Viewer 2.14 | 712.99 KB | 22 Apr 2021 |
| How to Create and SRG-STIG ID Mapping Spreadsheet | 298.21 KB | 03 Feb 2021 |
| STIG Viewer Version 2.11 Change Log | 67.5 KB | 10 Aug 2020 |
| Vendor STIG Acronym List | 178.74 KB | 16 Jan 2020 |
| HOW_TO_VIEW_SRGs_and_STIGs | 79.49 KB | 30 Nov 2018 |
| STIG Viewer Video | — | 14 Jun 2018 |
| STIG Sorted by STIG ID | 103.46 KB | 30 Mar 2015 |
| STIG Sorted by Vulnerability ID | 101.59 KB | 30 Mar 2015 |
SRG/STIG Applicability Guide and Collection Tool
Stig Viewer Not Opening
The purpose of the SRG/STIG Applicability Guide and Collection Tool is to assist the SRG/STIG user community in determining what SRGs and/or STIGs apply to a particular situation or Information System (IS) and to create a fully formatted document containing a “Collection” of SRGs and STIGs applicable to the situation being addressed.
The ISs or situations covered include a Base/Camp/Post/or Station (B/C/P/S), facility, Program /Service/major application, enclave, network, system, device, or vendor’s product.
The Collection document can serve as an artifact in the System Authorization and Risk Management processes.
How To Set Up Stig Viewer On Windows
The SRG/STIG Applicability Guide and Collection Tool will be updated periodically to include the most recent new SRG/STIG releases and sunset products.
Stig Viewer Exe
For assistance, please contact disa.stig_spt@mail.mil
Stig Viewer Instructions
| Title | Size | Updated |
|---|---|---|
| SRG-STIG Applicability Guide - User Guide v1.5 | 2.64 MB | 12 May 2021 |
| STIG Applicability Guide-Linux | 38.61 MB | 12 May 2021 |
| STIG Applicability Guide-Mac | 33.81 MB | 12 May 2021 |
| STIG Applicability Guide-Windows | 36.89 MB | 12 May 2021 |