A Security Technical Implementation Guide or STIG is a methodology for standardized secure installation and maintenance of computer software and hardware. The term was coined by DISA, which creates configuration documents in support of the United States Department of Defense (DoD). The implementation guidelines include recommended administrative processes and span the devices' lifecycle.
An example where STIGs would be of benefit is in the configuration of a desktop computer. Most operating systems are not inherently secure. This leaves them open to criminals such as identity thieves and computer hackers. A STIG describes how to minimize network-based attacks and prevent system access when the attacker is interfacing with the system, either physically at the machine or over a network. STIGs also describe maintenance processes (such as software updates and vulnerability patching).
Advanced STIGs might cover the design of a corporate network, including configurations of routers, firewalls, domain name servers and switches.