Kdaily
Newcomer II

DISA STIG Management

To anyone that works in the DoD space... how can you take a .ckl file and add the new STIG requirements to that ckl file to be reviewed so that you can avoid having to review ALL of the STIG requirements every quarter?

19 Replies
akhilmi87
Newcomer I

In my case, old ckl files were generated on Jan 2019. Do you still see any concerns?
msg
Newcomer I

This is the exact situation we find ourselves in - old CKL format not compatible with current updates as of this post. We've worked a lot of CKLs for machines beginning the task in Sept 2020. We just pulled recent STIG updates planning to complete the deltas by import of existing CKL over the current. As noted the new versions use the new Vuln IDs, etc., and we are unable to import our previous CKLs because they don't match. No content transferred.

Anyone know of a workaround/recommended process for this, or are we back to just running current SCAP scans, and copy/pasting the standouts manually reviewing the mapping sheet included within the STIG?
Samhain
Newcomer I

You are basically stuck doing the copy/paste thing. I'm in the middle of an annual security review, and I've had to copy/paste on just about every STIG/SRG so far. Add into that the fact that our RMF system (eMass) hasn't applied the updates for new vulnerability IDs yet, and we are stuck. Luckily, the new IDs are supposed to go in over the weekend, but I will be stuck having to rehome all of our POAM references to the new IDs most likely.

 

Job security though, right?

msg
Newcomer I

Okay, yeah, figured. Thanks for the confirmation.

Sheeze, I didn't think about rehoming the POAM refs. Not one of our tasks (yet), but I can see where this can ripple out.

Have you read anything on how exactly this move is to provide increased flexibility?

I wonder if it'd be worth (or still possible) working with the new CKLs in the .xml format in Notepad instead of STIG Viewer for the copy/paste ops. Are you just keeping the mapping sheet out while you roll through them? Could be done with side by side Notepad windows, the mapping sheet, and CTRL+F the way down each CKL after identifying the Vuln IDs not covered by current SCAP Benchmarks?

 

But yeah, hehe, job security.

msg
Newcomer I

I just set up my first new CKL earlier to develop the workflow.  I was originally planning to have to have the STIG mapping sheet out as reference, but I see now that in the new STIG header in STIG Viewer, they list the Legacy IDs for you.  That'll be helpful.  Just one less step.

 

I can see using a combination of filters and these legacy references to help with this.

 

I thought there'd be a way to do this with PowerShell, directly editing the .ckl file, but I'm no PS guru.
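
What a direct edit of the .ckl XML could look like in PowerShell, as an added example that is not part of the original post and not a DISA tool: it carries STATUS, FINDING_DETAILS and COMMENTS from an old checklist into a new one by matching each old Vuln ID against the new entry's legacy IDs, and returns the new IDs that had no match and still need review. It assumes the legacy IDs are stored as `STIG_DATA` entries named `LEGACY_ID`; the function names and sample data are made up for illustration.

```powershell
# Constructed sample CKL fragments (IDs and text are made up, not real STIG content).
[xml]$old = @'
<CHECKLIST><STIGS><iSTIG><VULN>
  <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-1001</ATTRIBUTE_DATA></STIG_DATA>
  <STATUS>NotAFinding</STATUS><FINDING_DETAILS>Set by GPO.</FINDING_DETAILS><COMMENTS>Checked by ISSO.</COMMENTS>
</VULN></iSTIG></STIGS></CHECKLIST>
'@
[xml]$new = @'
<CHECKLIST><STIGS><iSTIG><VULN>
  <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-200001</ATTRIBUTE_DATA></STIG_DATA>
  <STIG_DATA><VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE><ATTRIBUTE_DATA>SV-2001</ATTRIBUTE_DATA></STIG_DATA>
  <STIG_DATA><VULN_ATTRIBUTE>LEGACY_ID</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-1001</ATTRIBUTE_DATA></STIG_DATA>
  <STATUS>Not_Reviewed</STATUS><FINDING_DETAILS></FINDING_DETAILS><COMMENTS></COMMENTS>
</VULN><VULN>
  <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-200002</ATTRIBUTE_DATA></STIG_DATA>
  <STATUS>Not_Reviewed</STATUS><FINDING_DETAILS></FINDING_DETAILS><COMMENTS></COMMENTS>
</VULN></iSTIG></STIGS></CHECKLIST>
'@

# Hypothetical helper: all ATTRIBUTE_DATA values of one VULN for a given VULN_ATTRIBUTE name.
function Get-VulnAttribute([System.Xml.XmlElement]$Vuln, [string]$Name) {
    $Vuln.SelectNodes("STIG_DATA[VULN_ATTRIBUTE='$Name']/ATTRIBUTE_DATA") |
        ForEach-Object { $_.InnerText }
}

# Hypothetical helper: copy review fields old -> new, return new Vuln IDs with no match.
function Copy-CklReview([xml]$OldCkl, [xml]$NewCkl) {
    $byId = @{}                                   # old Vuln_Num -> old VULN element
    foreach ($v in $OldCkl.SelectNodes('//VULN')) {
        $byId[@(Get-VulnAttribute $v 'Vuln_Num')[0]] = $v
    }
    $unmatched = @()
    foreach ($v in $NewCkl.SelectNodes('//VULN')) {
        $newId = @(Get-VulnAttribute $v 'Vuln_Num')[0]
        # Try the new ID first (same-format CKLs), then the legacy IDs (assumed LEGACY_ID entries).
        $ids = @($newId) + @(Get-VulnAttribute $v 'LEGACY_ID')
        $hit = $ids | Where-Object { $_ -and $byId.ContainsKey($_) } | Select-Object -First 1
        if (-not $hit) { $unmatched += $newId; continue }
        foreach ($field in 'STATUS', 'FINDING_DETAILS', 'COMMENTS') {
            $v.SelectSingleNode($field).InnerText = $byId[$hit].SelectSingleNode($field).InnerText
        }
    }
    return $unmatched
}

$toReview = Copy-CklReview $old $new
"Still to review: $($toReview -join ', ')"
# For real files: [xml]$old = Get-Content <old.ckl>; ...; $new.Save(<full path to new.ckl>)
```

Carried-over entries keep the old reviewer's status and comments verbatim, so they still need a pass for accuracy wherever the requirement itself changed between releases.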

Kdaily
Newcomer II

I reached out to DISA today to find out if there was anything other than a manual transition to the new versions and this is what I received.... Demanded to know who my government sponsor was... yet still answered the question (sort of).

 

Thank you for contacting DISA STIG Customer Support.  We support only
government, military, or contractor support to the government. 

Who is your DoD sponsor?
Your DoD sponsor needs to be included in this email chain.

What DoD contract do you support?

--

Over 6 months ago we posted a critical update to the stig format on our Cyber X web page. That update showed the direction we were going with the new STIG IDs.

We also posted several test stigs for the community to review during this time period.

There is a mapping sheet in the stigs that were updated to the new format.

The stig viewer has never had the ability to import between new releases of content, only between versions.

There will be no update to the viewer

rlb0720
Viewer II

 
msg
Newcomer I

@rlb0720 Did you figure out your question?  I saw a lengthier post in the thread email notification, but content is missing in the post above.

 

You should be able to import content between CKLs created in the same Version.  I believe the process would be something like:

  • Create the new CKL from the new STIG, and save it with its appropriate file name
  • Import the previous CKL (not the XCCDF file, that's for SCAP results in a later step)
  • Lastly, import the latest SCAP results XCCDF file to update the SCAP content in the new CKL.
    • It will update the Finding Details field if there are changes, removing and replacing any existing content here.
    • It will leave the Comments section alone, so you will want to review the previous and new CKL totals for changes and review for accuracy to make sure there are no Comments in place that no longer apply if a STIG that was earlier not addressed by SCAP now has been.

 

I've found that the use of the filters' Vulnerability parameter and typing the last three digits of a vuln ID is very handy for stripping down content.

 

You can also open multiple instances of STIG Viewer side by side to more easily compare two CKLs.  Don't run them in full screen; there's no need.  You can reduce the window width and still be able to easily view everything you need to work efficiently.

msg
Newcomer I

I just pulled down STIG Viewer 2.12 and it looks like it offers the capability of importing checklists created in previous versions now.  Just did a couple of tests and looks like it works.

 

Anyone else able to confirm?

RoadDog
Viewer

dawg!  no one answered since 2017!   I hope you found your answer.  But anyways, you can do via Stigviewer.

In Stigviewer, upload current stig.  Then make it a checklist (this step can be done in the stigviewer menu choices).  Then import your checklist into this stigviewer checklist you just made.  Note:  If your checklist is too many versions older than the current stig in your stigviewer it will not work....which is the problem I just found out that I have....which is why to relieve my frustration... I came here.