A key part of our comprehensive SRRs (Security Readiness Reviews) is to ensure STIG (Security Technical Implementation Guide) compliance. STIGs, Developed by DISA, specify a reference point and best practices for how to secure IT Assets for CSM (Configuration Management Settings) by providing detailed configuration guidance for a wide array of hardware and software assets.

Navigating the world of STIG compliance can be overwhelming within a Federal IT organization. Within DISA there are hundreds of STIGs addressing a wide variety of configurable assets. While STIGs offer welcome guidance which would be daunting to otherwise define on your own, maintaining full compliance still involves significant expertise and knowledge. Each asset presents a unique challenge, and a single oversight can put you out of compliance, or worse, result in a serious compromise of Confidentiality, Integrity, or Availability.

Cinteot’s Cybersecurity specialists have broad knowledge and experience of the CSM landscape, DISA STIGs and Risk Scoring. In addition, Cinteot has deep expertise in several of the assetstypically addressed by STIGS. Cinteot will navigate you through the entire process, to include Establishment of Security Configuration Benchmark Checklist (NIST SP 800-70), CSM Scans (utilizing a variety of tools), Risk Enumeration and Prioritization, and Risk Mitigation. Cinteot alsooffers Training programs to help get your team up to speed on the overall SRR, CSM and STIG compliance processes.

Cinteot instructors can lead SRR classes in relevant technologies and application of auditing tools. Instructors would then administer exams to test students’ learned skills as required for validation and verification of STIG/IAVA compliance.Additionally, Cinteot Senior Reviewers can provide on-the-job training and check rides to new reviewers to fully vet them before establishing their reviewer readiness level.