Security Technical Implementation Guide

A Security Technical Implementation Guide, or STIG, is a methodology for standardized secure installation and maintenance of computer software and hardware. The term was coined by DISA, which creates configuration documents in support of the United States Department of Defense (DoD). The implementation guidelines include recommended administrative processes and span the devices' lifecycle.

An example where STIGs would be of benefit is in the configuration of a desktop computer. Most operating systems are not inherently secure. This leaves them open to criminals such as identity thieves and computer hackers. A STIG describes how to minimize network-based attacks and prevent system access when the attacker is interfacing with the system, either physically at the machine or over a network. STIGs also describe maintenance processes (such as software updates and vulnerability patching).

Advanced STIGs might cover the design of a corporate network, including the configuration of routers, firewalls, domain name servers and switches.
