A Security Technical Implementation Guide, or STIG, is a methodology for standardized secure installation and maintenance of computer software and hardware. The term was coined by DISA, which creates configuration documents in support of the United States Department of Defense (DoD). The implementation guidelines include recommended administrative processes and span the devices' lifecycle.
An example where STIGs would be of benefit is in the configuration of a desktop computer. Most operating systems are not inherently secure. This leaves them open to criminals such as identity thieves and computer hackers. A STIG describes how to minimize network-based attacks and prevent system access when the attacker is interfacing with the system, either physically at the machine or over a network. STIGs also describe maintenance processes (such as software updates and vulnerability patching).
Advanced STIGs might cover the design of a corporate network, including configurations of routers, firewalls, domain name servers and switches.