STIG defined: “The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for Department of Defense (DOD) IA and IA-enabled devices/systems. The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack. These requirements encompass two areas – policy requirements for security programs and best practices for Information Assurance (IA)-enabled applications.” Information Assurance Support Environment
EiQ has been a longstanding provider to government departments and agencies. We know that many government agencies and divisions are working overtime to meet fundamental security standards outlined in DISA’s Security Technical Implementation Guides (STIGs), NIST Special Publication 800-53, 8500.2, and AR25.2. It’s no wonder why. A combination of insufficient or long-awaited funding, political bickering, lack of clarity in the guidance and the lack of a real timeline for implementation has caused a lot of confusion and wasted time and money. There is also so much hype around new technologies that will protect from the latest threat. Just considering what’s on the market now is a full-time job that takes time and attention away from basic infrastructure management. Every week a new firewall, anti-malware, anti-spam, APT, AV, or IPS product promises to mitigate risk and thwart attacks.
In light of the increased pressure created by Chinese espionage indictments and other high-visibility breaches, enterprises might be tempted to invest in so-called cutting-edge technologies. When news stories put a spotlight on cybersecurity, technology companies jump at the opportunity to tout their latest and greatest cure-all solutions. Anti-malware, AV, and IPS don’t have magical abilities to stop every attack or plug every vulnerable gap.