Security Readiness Reviews (SRR) Windows Web


Cinteot is pleased to offer a course in the hardening of Windows Web Server configuration and applications via the US Department of Defense (DoD) Secure Technical Implementation Guidelines (STIGs). Our Security Readiness Review (SRR) course is a 5-day (40 hour) class that will focus on Windows Web Servers such as:

  • Internet Information Services (IIS) Web Servers
  • Apache Web Servers
  • Netscape Web Servers

Class Structure:

Our course is taught by an experienced, DISA RCP Certified Reviewer and focuses on the implementation of the STIGs as provided by the US Department of Defense. STIGs set the standard for information security within the DoD.

Cinteot’s Security Readiness Review (SRR) training courses employ the DoD Security Technical Implementation Guides (STIGs) as their main course material.  Cinteot provides virtual machines containing a partially secure version of the software being reviewed.  The instructor-led class includes a walkthrough of each check within the relevant STIGs and class discussion as to whether the check would be considered a Finding by a DISA RCP Certified reviewer. This process enables technologists to understand and anticipate how their systems/technologies will be viewed by a reviewer performing a DISA-sanctioned CCRI, C&A, or RMF audit.

Course Content:

IIS Web SRR using manual techniques, IS Web SRR using the IIS SSR Scripts, Apache Web SRR using manual techniques, Netscape Web SRR using manual techniques and Web SRR result data entry into VMS.

The course will address current vulnerabilities, IAVM security compliance, and methods of identifying them, personnel interviews, and prioritizing applicable SRRs. Students who complete this course will have the knowledge and training necessary to ensure that a Windows Web Server environment meets the minimum requirements for secure network operations via the DoD STIGs. This course will also include the current tools used to complete the review and the manual input of the data into the Vulnerability Management System (VMS).

After completing this course, students will be able to conduct an SRR using DISA Field Security Operations SRR Procedures for verifying STIG and IAVM Compliance on three different Web Servers (IIS, Apache, and Netscape).


Cinteot currently trains all SRR technologies to DISA in addition to other DoD reviewers and technologists responsible for securing DoD and DoD-contractor programs world-wide. Cinteot currently provides Cybersecurity and/or Risk Management Framework services to multiple DoD entities including the Secretary of Defense Communication Office and the U.S. Airforce’s Ground Based Strategic Deterrent (Minuteman III).  Cinteot performs over 800 individual technology SRRs annually to entities DoD-wide and provides unspecified cybersecurity to the Intelligence Community.

For more information about our course offerings email us at or call us at (717) 496-9262.