DISA lays groundwork for implementing Windows 8
Recently the Defense Information Systems Agency released its Security Technical Implementation Guidelines (STIG) for use of Microsoft’s Windows 8 operating system. The unclassified version is available on the DISA website.
First, the guide specifies that this STIG covers only the versions of Windows 8 that supports the x86/64-based processor architecture. This precludes Windows 8 RT, but DISA said RT is being evaluated under a different STIG. Since RT runs on ARM processors, it only makes sense that DISA would cover it with other mobile operating systems.
For Windows 8, the guide goes into the specific steps that Defense Department IT personnel are supposed to take to review a Windows 8 system, such as changing the security and network settings to comply with DOD standards. To make these changes would require using the Computer Management Console and the Registry Editor, so you know this STIG isn’t fooling around.
In a FAQ included with the guidelines, DISA noted that it is moving toward adopting the Security Content Automation Protocol (SCAP), a National Institutes of Standards and Technology specification for standardized use of security data. DISA also is formatting the STIG in Extensible Configuration Checklist Description Format (XCCDF), an XML-based language for writing security checklists, benchmarks and related documents.
The DISA STIGs often become the standard by which other agencies and even private companies secure their computers. So admins setting up Windows 8 tablets or desktops should take a look.
Posted by Greg Crowe on Mar 01, 2013 at 9:39 AM