Welcome to STIG Manager’s documentation!

What is STIG Manager?

STIG Manager is an Open Source API and Web client for managing the assessment of Information Systems for compliance with security checklists published by the United States (U.S.) Defense Information Systems Agency (DISA). STIG Manager supports DISA checklists distributed as either a Security Technical Implementation Guide (STIG) or a Security Requirements Guide (SRG) in the XCCDF format.

Our Project incorporates software developed since 2012 by the U.S. Naval Undersea Warfare Center Division Newport (NUWCDIVNPT). More information, and the software itself, is available on GitHub: STIG Manager

Contents:

• Introduction and Features
• Setup and Deployment
• For Users
• For Admins
• The STIG Manager Project
• Terminology and Concepts

• Index

Common Tasks:

• Build A Collection with .ckl or XCCDF Files
• Review a STIG on an Asset
• Review an entire Collection at once
• Set the Default STIG Revision for a Collection
• Accept and Reject STIG Reviews
• Analyze Findings and generate a POA&M
• Check evaluation progress
• Add Users
• Export Results
• Transfer Assets to Another Collection
• Tag Assets with Labels
• Create a new set of STIG Assignments based on an existing set
• Update Reference STIGs
• Having a problem? Let us know and submit an issue on GitHub!

---

Getting Started with STIG Manager

---

---

These videos and others are available on our YouTube channel.

---

Reporting Bugs & Issues

Please file bug reports on the STIG Manager issue tracker. When reporting a bug, please include as much information as possible. This includes:

• Install type: Hosted, Local, Docker, etc

• Action taken

• Expected result

• Actual result

• Screenshot (if relevant)

License / Credits

The repository is licensed under the MIT License, with the exception of the client, which is licensed under the GNU GPL v3.