STIGs (Security Technical Implementation Guides) are downloadable third-party advice from the U.S. Department of Defense (DoD) Cyber Exchange. As a courtesy, we at PolicyPak routinely look for newly recommended STIG settings and convert those recommendations into a consumable format for PolicyPak Application Manager.
Below, find a portion of the download of what PolicyPak provides as pre-converted STIG guidance.
Note: Not all STIG guidance is convertible into PolicyPak Application Manager format, so we only convert the ones that make sense.
You can investigate this whole process end-to-end by watching this first video on how to consume the converted STIG information:
Then, you can also use PolicyPak Group Policy Compliance Reporter (Free version) to verify that your settings delivered via PolicyPak Application Manager were delivered correctly. Here’s a video on that process.
As already explained, though, STIG conversion from its downloadable form from the DoD into PolicyPak Application Manager consumable format is a courtesy only to PolicyPak customers. While we do our best, it is not warranted, nor is it guaranteed to be up to date at any time, and customers assume any risk in using any of the advice.
More details about STIGs can be found in the PolicyPak Application Manager PDF manual.
CIS Benchmarks are also non-PolicyPak advice from the non-profit Center for Internet Security (CIS). CIS Benchmarks are available in two formats:
That being said, if you are a paid SecureSuite Membership member and you are legally able to use the CIS Benchmarks as downloadable GPOs, then you can use parts of PolicyPak to help enhance that investment.
In this scenario, you are importing the CIS Benchmarks. Then you can verify that those settings within the GPOs actually made it there. Since the settings are in Microsoft Group Policy Security, Group Policy Preferences and Group Policy ADMX format, you need the PolicyPak Group Policy Compliance Reporter (Paid Version) to ensure those settings are reported upon.
Tip: View the videos here to get the general feel for how you would do this.
In this scenario, you are converting CIS Benchmark GPOs which contain ADMX settings for use within PolicyPak Admin Templates Manager. Once they are in PolicyPak Admin Templates Manager format, you can use PolicyPak Group Policy Compliance Reporter (Free Version) to report on those (now) PolicyPak Admin Templates Manager settings within the GPOs to see if those settings actually applied.
In this scenario, you have the CIS Benchmarks GPOs already imported, but you want to dictate specifically where specific ADMX settings will take effect (for instance, Desktops vs. Laptops, to specific Users or Groups, on specific IP addresses, etc.).
In this scenario, you want to use CIS Benchmarks advice alongside PolicyPak Cloud or PolicyPak MDM. To do this, you need to first have the CIS Benchmarks imported as GPOs. After that, here are the basic steps:
Then deploy the settings using PolicyPak Cloud or PolicyPak MDM.
The basics for how to take existing Group Policy settings (from CIS Benchmarks or any source) and use them with PolicyPak Cloud can be found here.