Security Readiness Reviews (SRR) Unix/Linux Web


Cinteot is pleased to offer a course in the hardening of Unix/Linux Web Server configuration and applications via the US Department of Defense (DoD) Secure Technical Implementation Guidelines (STIGs). Our Security Readiness Review (SRR) course is a 5-day (40 hour) class that will focus on Unix/Linux based Web Servers.

Class Structure:

Our course is taught by an experienced, DISA RCP Certified Reviewer and focuses on the implementation of the STIGs as provided by the US Department of Defense. STIGs set the standard for information security within the DoD.

Cinteot’s Security Readiness Review (SRR) training courses employ the DoD Security Technical Implementation Guides (STIGs) as their main course material.  Cinteot provides virtual machines containing a partially secure version of the software being reviewed.  The instructor-led class includes a walkthrough of each check within the relevant STIGs and class discussion as to whether the check would be considered a Finding by a DISA RCP Certified reviewer. This process enables technologists to understand and anticipate how their systems/technologies will be viewed by a reviewer performing a DISA-sanctioned CCRI, C&A, or RMF audit.

Course Content:

Apache Web SRR using manual techniques. Sun ONE Web SRR using manual techniques. WebLogic Web SRR using manual techniques. Unix/Linux DNS SRR using manual techniques. Auditing the administrative checks of the Joint Vulnerability Assessment Process.

The course will address current vulnerabilities, IAVM security compliance, and methods of identifying them, personnel interviews, and prioritizing applicable SRRs. Students who complete this course will have the knowledge and training necessary to ensure that a Unix/Linux Web Server environment meets the minimum requirements for secure network operations via the DoD STIGs. This course will also include the current tools used to complete the review and the manual input of the data into the Vulnerability Management System (VMS).

After completing this course, students will be able to conduct an SRR using DISA Field Security Operations SRR Procedures for verifying STIG and IAVM Compliance on Unix/Linux Web Servers.


Cinteot currently trains all SRR technologies to DISA in addition to other DoD reviewers and technologists responsible for securing DoD and DoD-contractor programs world-wide. Cinteot currently provides Cybersecurity and/or Risk Management Framework services to multiple DoD entities including the Secretary of Defense Communication Office and the U.S. Airforce’s Ground Based Strategic Deterrent (Minuteman III).  Cinteot performs over 800 individual technology SRRs annually to entities DoD-wide and provides unspecified cybersecurity to the Intelligence Community.

For more information about our course offerings email us at or call us at (717) 496-9262.