A Security Technical Implementation Guide or STIG is a methodology for standardized secure installation and maintenance of computer software and hardware. The term was coined by DISA which creates configuration documents in support of the United States Department of Defense (DoD). The implementation guidelines include recommended administrative processes and span the devices' lifecycle.
An example where STIGs would be of benefit is in the configuration of a desktop computer. Most operating systems are not inherently secure. This leaves them open to criminals such as identity thieves and computer hackers. A STIG describes how to minimize network-based attacks and preventing system access when the attacker is interfacing with the system, either physically at the machine, or over a network. STIGs also describe maintenance processes (such as software updates and vulnerability patching).
Advanced STIGs might cover the design of a corporate network, covering configurations of routers, firewalls, domain name servers and switches.
Famous quotes containing the words security, technical and/or guide:
“If we could have any security against moods! If the profoundest prophet could be holden to his words, and the hearer who is ready to sell all and join the crusade, could have any certificate that to-morrow his prophet shall not unsay his testimony!”
—Ralph Waldo Emerson (1803–1882)
“The best work of artists in any age is the work of innocence liberated by technical knowledge. The laboratory experiments that led to the theory of pure color equipped the impressionists to paint nature as if it had only just been created.”
—Nancy Hale (b. 1908)
“Lost at night in an immense forest, I only have a small light to guide me. A man appears who tells me: “My friend, blow out your candle in order to find your way.” This man is a theologian.
The sea, fluid garden filled with animals and plants.”
—Alfred Döblin (1878–1957)