SCAP & STIG Tutorial
In this video, I demonstrate how to run SCAP scans using the SCC tool provided to us by NWIC Atlantic, which is now publicly available. I also show you how to create Windows 10 STIG checklist and how to import the SCAP scan results to the STIG Viewer to review and remediate Not Reviewed checks. This video is for demo and test purposes only.
*STIG your system at your own risk. I recommend you create a test environment or virtual machine separate from your personal Windows machine.
"Obtaining the Software Starting with version 5.4, SCC is publicly available and can be downloaded from Defense Information Systems Agency (DISA)."
https://public.cyber.mil/stigs/scap/
Requirements and Assumptions already made prior to testing in my environment:
Windows 10 Enterprise or Pro latest featured updates (for GPO):
https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
VMware Workstation Pro 16:
https://www.vmware.com/products/workstation-pro/workstation-pro-evaluation.html
You can use Oracle VirtualBox or VMware Workstation Player or Microsoft Hyper-V. I'll leave that up to you.
Downloads:
LGPO tool (used to import Group Policy Objects)
https://www.microsoft.com/en-us/download/details.aspx?id=55319
Reference:
https://www.niwcatlantic.navy.mil/2021/03/naval-information-warfare-center-atlantic-security-content-automation-protocol-compliance-checker-software-for-public-use/
Disclaimer - Opinions expressed are solely my own and do not express the views or opinions of my employer.
Видео SCAP & STIG Tutorial канала IT Videos
*STIG your system at your own risk. I recommend you create a test environment or virtual machine separate from your personal Windows machine.
"Obtaining the Software Starting with version 5.4, SCC is publicly available and can be downloaded from Defense Information Systems Agency (DISA)."
https://public.cyber.mil/stigs/scap/
Requirements and Assumptions already made prior to testing in my environment:
Windows 10 Enterprise or Pro latest featured updates (for GPO):
https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
VMware Workstation Pro 16:
https://www.vmware.com/products/workstation-pro/workstation-pro-evaluation.html
You can use Oracle VirtualBox or VMware Workstation Player or Microsoft Hyper-V. I'll leave that up to you.
Downloads:
LGPO tool (used to import Group Policy Objects)
https://www.microsoft.com/en-us/download/details.aspx?id=55319
Reference:
https://www.niwcatlantic.navy.mil/2021/03/naval-information-warfare-center-atlantic-security-content-automation-protocol-compliance-checker-software-for-public-use/
Disclaimer - Opinions expressed are solely my own and do not express the views or opinions of my employer.
Видео SCAP & STIG Tutorial канала IT Videos
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Intro to STIG's & STIG Viewer
DISA STIGs part 1
Securing Infrastructure with OpenScap: The Automation Way!
Assessment and Remediation using the SCAP Tool
Configure and apply hardening rules in minutes with Ubuntu CIS Benchmark tooling
An Introduction to R - A Brief Tutorial for R {Software for Statistical Analysis}
STIG 101: What, How and Why DISA STIGs are a GOOD thing - Asset Security
System Administrator Job Interview: Technical Questions and Answers
How to improve Linux performance in a VirtualBox VM
Wireshark Packet Sniffing Usernames, Passwords, and Web Pages
How SSL works tutorial - with HTTPS example
17 How to clone ec2 instance using snapshot backup
Using the DoD STIG and SCAP Tool Basic Rundown
Ask ACAS - Tip 1: The 800-53 Dashboard for Configuration Auditing
Kernel Basics
How-To Configure Windows Server 2019 as the NTP server via Group Policy
Wazuh - How to Scan for Vulnerabilities in Windows and Linux
Scanning Multiple Windows Hosts with SCAP Compliance Checker (SCC)
MALWARE ANALYSIS - VBScript Decoding & Deobfuscating
How to Export and Import Local Group Policy using LGPO