Welcome to STIG Manager’s documentation!
What is STIG Manager?
STIG Manager is an Open Source API and Web client for managing the assessment of Information Systems for compliance with security checklists published by the United States (U.S.) Defense Information Systems Agency (DISA). STIG Manager supports DISA checklists distributed as either a Security Technical Implementation Guide (STIG) or a Security Requirements Guide (SRG) in the XCCDF format.
Our Project incorporates software developed since 2012 by the U.S. Naval Undersea Warfare Center Division Newport (NUWCDIVNPT). More information, and the software itself, is available on GitHub: STIG Manager
Contents:
Common Tasks:
- Build A Collection with .ckl or XCCDF Files
- Review a STIG on an Asset
- Review an entire Collection at once
- Set the Default STIG Revision for a Collection
- Accept and Reject STIG Reviews
- Analyze Findings and generate a POA&M
- Check evaluation progress
- Add Users
- Export Results
- Transfer Assets to Another Collection
- Tag Assets with Labels
- Create a new set of STIG Assignments based on an existing set
- Update Reference STIGs
- Having a problem? Let us know and submit an issue on GitHub!
Getting Started with STIG Manager
These videos and others are available on our YouTube channel.
Reporting Bugs & Issues
Please file bug reports or feature requests on the STIG Manager issue tracker. When reporting a bug, please provide as much detail as possible to help us understand and reproduce the issue. Include:
- Install type: Hosted, Local, Docker, etc.
- Detailed steps to reproduce the issue
- Action taken
- Expected result
- Actual result
- Screenshots or logs (if relevant)
- Your environment details (OS, browser version, etc.)
Licenses
The repository is licensed under the MIT License, with the exception of the client, which is licensed under the GNU GPL v3.