microsoft / PowerStig

STIG Automation
https://www.powershellgallery.com/packages/PowerSTIG

Using PowerStig in DOD #309

Closed CyanDot closed 5 years ago

CyanDot commented 5 years ago

Hi:

Does PowerStig have any kind of DISA authorization yet? Is PowerStig approved to run on DOD systems yet?

Thank you.

athaynes commented 5 years ago

I can only give you a sort of non-answer answer. DISA is aware of the project and we reviewed the goals of the project with the STIG team leadership. This is an OSS community driven project, but maintained by a few Microsoft Services Consultants as a way to apply an additional layer of PowerShell automation on top of existing DISA supported STIG requirements and solutions. The STIGs are just a list of configuration items and we simply convert those manual tasks into a DSC composite resource with some standard business logic in front of it.

As far as approval goes, PowerSTIG is a PowerShell module. That being said, the project is deployed in DoD enterprises and I am not aware of a PowerShell module approval process. As with any software, DISA provided or otherwise, you should evaluate it to see if it fits in with your organization's people, process, and tools.

I hope that answers your question, sort of. I am more than happy to talk about any concerns that you have that we can share back with the community to make the project even better.

CyanDot commented 5 years ago

Thanks for the timely response.

Do you have any PowerPoint, or other presentations that I can show to management here?

athaynes commented 5 years ago

I took the contents from a PowerPoint I had and put the content into a markdown file here to get you started.

CyanDot commented 5 years ago

Perfect, thanks! Another question. If an organization wanted to use PowerStig, but not send the system out to the field with PowerStig installed, is there a way to do that? Do you just need PowerStig on the machine that is configuring the other systems?

athaynes commented 5 years ago

The PowerSTIG module only generates the MOF and is not required to be installed on the target node. That being said, the MOF depends on the DSC resources to audit and configure the node. The list of DSC resources that are required to be installed on the target node under the system module path are listed in the module manifest.
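
The check described above, as an added example that is not part of the PowerSTIG project: read the required DSC resource modules from the PowerSTIG manifest on the authoring machine, then confirm each one is present under the system module path on a target node. It assumes PowerSTIG is installed on the authoring machine, that the target node is reachable over WinRM, and that the computer name `TARGET-NODE` is a placeholder.

```powershell
# Added example, not part of the PowerSTIG project. Assumes PowerSTIG is installed
# on the authoring machine and that WinRM is reachable on the target node.

function Get-PowerStigRequiredModule {
    # Read the DSC resource modules that PowerSTIG's manifest declares as required.
    param([string]$ModuleName = 'PowerStig')
    $module = Get-Module -ListAvailable -Name $ModuleName |
        Sort-Object Version -Descending | Select-Object -First 1
    if (-not $module) { throw "$ModuleName is not installed on this machine." }
    $manifest = Test-ModuleManifest -Path $module.Path -ErrorAction Stop
    foreach ($req in $manifest.RequiredModules) {
        [pscustomobject]@{ Name = $req.Name; Version = $req.Version }
    }
}

function Test-TargetNodeDscResource {
    # On the target node, look for each required module under the system module
    # path ($env:ProgramFiles\WindowsPowerShell\Modules), the location the LCM
    # searches when applying a MOF. User-scoped module paths are deliberately ignored.
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][object[]]$Required
    )
    Invoke-Command -ComputerName $ComputerName -ArgumentList (,$Required) -ScriptBlock {
        param($Required)
        $systemPath = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules'
        foreach ($req in $Required) {
            $found = Get-Module -ListAvailable -Name $req.Name |
                Where-Object { $_.ModuleBase -like "$systemPath*" }
            [pscustomobject]@{
                Node            = $env:COMPUTERNAME
                Module          = $req.Name
                RequiredVersion = $req.Version
                Installed       = ($found.Version | ForEach-Object { $_.ToString() }) -join ', '
                # A compiled MOF pins the resource module version it was built with,
                # so the matching version must be present, not merely any version.
                Ok              = [bool]($found | Where-Object { -not $req.Version -or $_.Version -eq $req.Version })
            }
        }
    }
}

# Usage: list what the manifest requires, then report gaps on a target node.
$required = Get-PowerStigRequiredModule
$required | Format-Table -AutoSize
Test-TargetNodeDscResource -ComputerName 'TARGET-NODE' -Required $required |
    Where-Object { -not $_.Ok } | Format-Table -AutoSize
```

Run it from the machine that compiles the MOF; any row it prints is a resource the LCM on that node will fail to find when the configuration is applied.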

CyanDot commented 5 years ago

Thanks again! That is all I have for now. If you want, you can close the issue.