Amazon managed STIG hardening components for Image Builder
Security Technical Implementation Guides (STIGs) are the configuration hardening standards created by the Defense Information Systems Agency (DISA) to secure information systems and software. To make your systems compliant with STIG standards, you must install, configure, and test a variety of security settings.
Image Builder provides STIG hardening components to help you more efficiently build compliant images for baseline STIG standards. These STIG components scan for misconfigurations and run a remediation script. There are no additional charges for using STIG-compliant components.
Important
With few exceptions, STIG hardening components do not install third-party packages. If third-party packages are already installed on the instance, and if there are related STIGs that Image Builder supports for that package, the hardening component applies them.
This page lists all STIGs that Image Builder supports that are applied to the EC2 instances that Image Builder launches when you build and test a new image. If you want to apply additional STIG settings to your image, you can create a custom component to configure it. For more information about custom components and how to create them, see Use components to customize your Image Builder image.
When you create an image, the STIG hardening components log whether supported STIGs are applied or skipped. We recommend that you review the Image Builder logs for your images that use STIG hardening components. For more information about how to access and review Image Builder logs, see Troubleshoot pipeline builds.
Compliance levels
-
High (Category I)
The most severe risk. Includes any vulnerability that can result in loss of confidentiality, availability, or integrity.
-
Medium (Category II)
Includes any vulnerability that can result in loss of confidentiality, availability, or integrity, but the risks can be mitigated.
-
Low (Category III)
Any vulnerability that degrades measures to protect against loss of confidentiality, availability, or integrity.
Topics
Windows STIG hardening components
AWSTOE Windows STIG hardening components are designed for standalone servers and apply Local Group Policy. STIG-compliant hardening components install InstallRoot from the Department of Defense (DoD) on Windows infrastructure to download, install, and update the DoD certificates. They also remove unnecessary certificates to maintain STIG compliance. Currently, STIG baselines are supported for the following versions of Windows Server: 2012 R2, 2016, 2019, and 2022.
This section lists current settings for each of the Windows STIG hardening components, followed by a version history log.
STIG-Build-Windows-Low version 2022.4.x
The following list contains STIG settings that the hardening component applies to your infrastructure. If a supported setting isn't applicable for your infrastructure, the hardening component skips that setting, and moves on. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings the hardening component applies, such as a requirement for administrators to review document settings.
For a complete list of Windows STIGs, see the STIGs
Document Library
-
Windows Server 2022 STIG Version 1 Release 1
V-254335, V-254336, V-254337, V-254338, V-254351, V-254357, V-254363, and V-254481
-
Windows Server 2019 STIG Version 2 Release 5
V-205691, V-205819, V-205858, V-205859, V-205860, V-205870, V-205871, and V-205923
-
Windows Server 2016 STIG Version 2 Release 5
V-224916, V-224917, V-224918, V-224919, V-224931, V-224942, and V-225060
-
Windows Server 2012 R2 MS STIG Version 3 Release 5
V-225537, V-225536, V-225526, V-225525, V-225514, V-225511, V-225490, V-225489, V-225488, V-225487, V-225485, V-225484, V-225483, V-225482, V-225481, V-225480, V-225479, V-225476, V-225473, V-225468, V-225462, V-225460, V-225459, V-225412, V-225394, V-225392, V-225376, V-225363, V-225362, V-225360, V-225359, V-225358, V-225357, V-225355, V-225343, V-225342, V-225336, V-225335, V-225334, V-225333, V-225332, V-225331, V-225330, V-225328, V-225327, V-225324, V-225319, V-225318, and V-225250
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 2
No STIG settings are applied to the Microsoft .NET Framework for Category III vulnerabilities.
-
Windows Firewall STIG Version 2 Release 1
V-241994, V-241995, V-241996, V-241999, V-242000, V-242001, V-242006, V-242007, and V-242008
-
Internet Explorer 11 STIG Version 2 Release 3
V-46477, V-46629, and V-97527
-
Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)
V-235727, V-235731, V-235751, V-235752, and V-235765
STIG-Build-Windows-Medium version 2022.4.x
The following list contains STIG settings that the hardening component applies to your infrastructure. If a supported setting isn't applicable for your infrastructure, the hardening component skips that setting, and moves on. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings the hardening component applies, such as a requirement for administrators to review document settings.
For a complete list of Windows STIGs, see the STIGs
Document Library
Note
The STIG-Build-Windows-Medium hardening components include all listed STIG settings that AWSTOE applies for STIG-Build-Windows-Low hardening components, in addition to the STIG settings that are listed specifically for Category II vulnerabilities.
-
Windows Server 2022 STIG Version 1 Release 1
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:
V-254247, V-254265, V-254269, V-254270, V-254271, V-254272, V-254273, V-254274, V-254276, V-254277, V-254278, V-254285, V-254286, V-254287, V-254288, V-254289, V-254290, V-254291, V-254292, V-254300, V-254301, V-254302, V-254303, V-254304, V-254305, V-254306, V-254307, V-254308, V-254309, V-254310, V-254311, V-254312, V-254313, V-254314, V-254315, V-254316, V-254317, V-254318, V-254319, V-254320, V-254321, V-254322, V-254323, V-254324, V-254325, V-254326, V-254327, V-254328, V-254329, V-254330, V-254331, V-254332, V-254333, V-254334, V-254339, V-254341, V-254342, V-254344, V-254345, V-254346, V-254347, V-254348, V-254349, V-254350, V-254355, V-254356, V-254358, V-254359, V-254360, V-254361, V-254362, V-254364, V-254365, V-254366, V-254367, V-254368, V-254369, V-254370, V-254371, V-254372, V-254373, V-254375, V-254376, V-254377, V-254379, V-254380, V-254382, V-254383, V-254431, V-254432, V-254433, V-254434, V-254435, V-254436, V-254438, V-254439, V-254442, V-254443, V-254444, V-254445, V-254449, V-254450, V-254451, V-254452, V-254453, V-254454, V-254455, V-254456, V-254459, V-254460, V-254461, V-254462, V-254463, V-254464, V-254468, V-254470, V-254471, V-254472, V-254473, V-254476, V-254477, V-254478, V-254479, V-254480, V-254482, V-254483, V-254484, V-254485, V-254486, V-254487, V-254488, V-254489, V-254490, V-254493, V-254494, V-254495, V-254497, V-254499, V-254501, V-254502, V-254503, V-254504, V-254505, V-254507, V-254508, V-254509, V-254510, V-254511, and V-254512
-
Windows Server 2019 STIG Version 2 Release 5
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:
V-205625, V-205626, V-205627, V-205629, V-205630, V-205633, V-205634, V-205635, V-205636, V-205637, V-205638, V-205639, V-205643, V-205644, V-205648, V-205649, V-205650, V-205651, V-205652, V-205655, V-205656, V-205659, V-205660, V-205662, V-205671, V-205672, V-205673, V-205675, V-205676, V-205678, V-205679, V-205680, V-205681, V-205682, V-205683, V-205684, V-205685, V-205686, V-205687, V-205688, V-205689, V-205690, V-205692, V-205693, V-205694, V-205697, V-205698, V-205708, V-205709, V-205712, V-205714, V-205716, V-205717, V-205718, V-205719, V-205720, V-205722, V-205729, V-205730, V-205733, V-205747, V-205751, V-205752, V-205754, V-205756, V-205758, V-205759, V-205760, V-205761, V-205762, V-205764, V-205765, V-205766, V-205767, V-205768, V-205769, V-205770, V-205771, V-205772, V-205773, V-205774, V-205775, V-205776, V-205777, V-205778, V-205779, V-205780, V-205781, V-205782, V-205783, V-205784, V-205795, V-205796, V-205797, V-205798, V-205801, V-205808, V-205809, V-205810, V-205811, V-205812, V-205813, V-205814, V-205815, V-205816, V-205817, V-205821, V-205822, V-205823, V-205824, V-205825, V-205826, V-205827, V-205828, V-205830, V-205832, V-205833, V-205834, V-205835, V-205836, V-205837, V-205838, V-205839, V-205840, V-205841, V-205861, V-205863, V-205865, V-205866, V-205867, V-205868, V-205869, V-205872, V-205873, V-205874, V-205911, V-205912, V-205915, V-205916, V-205917, V-205918, V-205920, V-205921, V-205922, V-205924, V-205925, and V-236001
-
Windows Server 2016 STIG Version 2 Release 5
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:
V-224850, V-224852, V-224853, V-224854, V-224855, V-224856, V-224857, V-224858, V-224859, V-224866, V-224867, V-224868, V-224869, V-224870, V-224871, V-224872, V-224873, V-224881, V-224882, V-224883, V-224884, V-224885, V-224886, V-224887, V-224888, V-224889, V-224890, V-224891, V-224892, V-224893, V-224894, V-224895, V-224896, V-224897, V-224898, V-224899, V-224900, V-224901, V-224902, V-224903, V-224904, V-224905, V-224906, V-224907, V-224908, V-224909, V-224910, V-224911, V-224912, V-224913, V-224914, V-224915, V-224920, V-224922, V-224924, V-224925, V-224926, V-224927, V-224928, V-224929, V-224930, V-224935, V-224936, V-224937, V-224938, V-224939, V-224940, V-224941, V-224943, V-224944, V-224945, V-224946, V-224947, V-224948, V-224949, V-224951, V-224952, V-224953, V-224955, V-224956, V-224957, V-224959, V-224960, V-224962, V-224963, V-225010, V-225013, V-225014, V-225015, V-225016, V-225017, V-225018, V-225019, V-225021, V-225022, V-225023, V-225024, V-225028, V-225029, V-225030, V-225031, V-225032, V-225033, V-225034, V-225035, V-225038, V-225039, V-225040, V-225041, V-225042, V-225043, V-225047, V-225049, V-225050, V-225051, V-225052, V-225055, V-225056, V-225057, V-225058, V-225061, V-225062, V-225063, V-225064, V-225065, V-225066, V-225067, V-225068, V-225069, V-225072, V-225073, V-225074, V-225076, V-225078, V-225080, V-225081, V-225082, V-225083, V-225084, V-225086, V-225087, V-225088, V-225089, V-225092, V-225093 and V-236000
-
Windows Server 2012 R2 MS STIG Version 3 Release 5
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:
V-225574, V-225573, V-225572, V-225571, V-225570, V-225569, V-225568, V-225567, V-225566, V-225565, V-225564, V-225563, V-225562, V-225561, V-225560, V-225559, V-225558, V-225557, V-225555, V-225554, V-225553, V-225551, V-225550, V-225549, V-225548, V-225546, V-225545, V-225544, V-225543, V-225542, V-225541, V-225540, V-225539, V-225538, V-225535, V-225534, V-225533, V-225532, V-225531, V-225530, V-225529, V-225528, V-225527, V-225524, V-225523, V-225522, V-225521, V-225520, V-225519, V-225518, V-225517, V-225516, V-225515, V-225513, V-225510, V-225509, V-225508, V-225506, V-225504, V-225503, V-225502, V-225501, V-225500, V-225494, V-225486, V-225478, V-225477, V-225475, V-225474, V-225472, V-225471, V-225470, V-225469, V-225464, V-225463, V-225461, V-225458, V-225457, V-225456, V-225455, V-225454, V-225453, V-225452, V-225448, V-225443, V-225442, V-225441, V-225415, V-225414, V-225413, V-225411, V-225410, V-225409, V-225408, V-225407, V-225406, V-225405, V-225404, V-225402, V-225401, V-225400, V-225398, V-225397, V-225395, V-225393, V-225391, V-225389, V-225386, V-225385, V-225384, V-225383, V-225382, V-225381, V-225380, V-225379, V-225378, V-225377, V-225375, V-225374, V-225373, V-225372, V-225371, V-225370, V-225369, V-225368, V-225367, V-225356, V-225353, V-225352, V-225351, V-225350, V-225349, V-225348, V-225347, V-225346, V-225345, V-225344, V-225341, V-225340, V-225339, V-225338, V-225337, V-225329, V-225326, V-225325, V-225317, V-225316, V-225315, V-225314, V-225305, V-225304, V-225303, V-225302, V-225301, V-225300, V-225299, V-225298, V-225297, V-225296, V-225295, V-225294, V-225293, V-225292, V-225291, V-225290, V-225289, V-225288, V-225287, V-225286, V-225285, V-225284, V-225283, V-225282, V-225281, V-225280, V-225279, V-225278, V-225277, V-225276, V-225275, V-225273, V-225272, V-225271, V-225270, V-225269, V-225268, V-225267, V-225266, V-225265, V-225264, V-225263, V-225261, V-225260, V-225259, and V-225239
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 2
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus V-225238
-
Windows Firewall STIG Version 2 Release 1
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:
V-241989, V-241990, V-241991, V-241993, V-241998, and V-242003
-
Internet Explorer 11 STIG Version 2 Release 3
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:
V-46473, V-46475, V-46481, V-46483, V-46501, V-46507, V-46509, V-46511, V-46513, V-46515, V-46517, V-46521, V-46523, V-46525, V-46543, V-46545, V-46547, V-46549, V-46553, V-46555, V-46573, V-46575, V-46577, V-46579, V-46581, V-46583, V-46587, V-46589, V-46591, V-46593, V-46597, V-46599, V-46601, V-46603, V-46605, V-46607, V-46609, V-46615, V-46617, V-46619, V-46621, V-46625, V-46633, V-46635, V-46637, V-46639, V-46641, V-46643, V-46645, V-46647, V-46649, V-46653, V-46663, V-46665, V-46669, V-46681, V-46685, V-46689, V-46691, V-46693, V-46695, V-46701, V-46705, V-46709, V-46711, V-46713, V-46715, V-46717, V-46719, V-46721, V-46723, V-46725, V-46727, V-46729, V-46731, V-46733, V-46779, V-46781, V-46787, V-46789, V-46791, V-46797, V-46799, V-46801, V-46807, V-46811, V-46815, V-46819, V-46829, V-46841, V-46847, V-46849, V-46853, V-46857, V-46859, V-46861, V-46865, V-46869, V-46879, V-46883, V-46885, V-46889, V-46893, V-46895, V-46897, V-46903, V-46907, V-46921, V-46927, V-46939, V-46975, V-46981, V-46987, V-46995, V-46997, V-46999, V-47003, V-47005, V-47009, V-64711, V-64713, V-64715, V-64717, V-64719, V-64721, V-64723, V-64725, V-64729, V-72757, V-72759, V-72761, V-72763, V-75169, and V-75171
-
Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:
V-235720, V-235721, V-235723, V-235724, V-235725, V-235726, V-235728, V-235729, V-235730, V-235732, V-235733, V-235734, V-235735, V-235736, V-235737, V-235738, V-235739, V-235740, V-235741, V-235742, V-235743, V-235744, V-235745, V-235746, V-235747, V-235748, V-235749, V-235750, V-235754, V-235756, V-235760, V-235761, V-235763, V-235764, V-235766, V-235767, V-235768, V-235769, V-235770, V-235771, V-235772, V-235773, V-235774, and V-246736
-
Defender STIG Version 2 Release 4 (Windows Server 2022 only)
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities, plus:
V-213427, V-213429, V-213430, V-213431, V-213432, V-213433, V-213434, V-213435, V-213436, V-213437, V-213438, V-213439, V-213440, V-213441, V-213442, V-213443, V-213444, V-213445, V-213446, V-213447, V-213448, V-213449, V-213450, V-213451, V-213455, V-213464, V-213465, and V-213466
STIG-Build-Windows-High version 2022.4.x
The following list contains STIG settings that the hardening component applies to your infrastructure. If a supported setting isn't applicable for your infrastructure, the hardening component skips that setting, and moves on. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings the hardening component applies, such as a requirement for administrators to review document settings.
For a complete list of Windows STIGs, see the STIGs
Document Library
Note
The STIG-Build-Windows-High hardening components include all listed STIG settings that AWSTOE applies for STIG-Build-Windows-Low and STIG-Build-Windows-Medium hardening components, in addition to the STIG settings that are listed specifically for Category I vulnerabilities.
-
Windows Server 2022 STIG Version 1 Release 1
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:
V-254293, V-254352, V-254353, V-254354, V-254374, V-254378, V-254381, V-254446, V-254465, V-254466, V-254467, V-254469, V-254474, V-254475, and V-254500
-
Windows Server 2019 STIG Version 2 Release 5
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:
V-205653, V-205654, V-205711, V-205713, V-205724, V-205725, V-205757, V-205802, V-205804, V-205805, V-205806, V-205849, V-205908, V-205913, V-205914, and V-205919
-
Windows Server 2016 STIG Version 2 Release 5
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:
V-224874, V-224932, V-224933, V-224934, V-224954, V-224958, V-224961, V-225025, V-225044, V-225045, V-225046, V-225048, V-225053, V-225054, and V-225079
-
Windows Server 2012 R2 MS STIG Version 3 Release 5
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:
V-225556, V-225552, V-225547, V-225507, V-225505, V-225498, V-225497, V-225496, V-225493, V-225492, V-225491, V-225449, V-225444, V-225399, V-225396, V-225390, V-225366, V-225365, V-225364, V-225354, and V-225274
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 2
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for the Microsoft .NET Framework. No additional STIG settings apply for Category I vulnerabilities.
-
Windows Firewall STIG Version 2 Release 1
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:
V-241992, V-241997, and V-242002
-
Internet Explorer 11 STIG Version 2 Release 3
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for Internet Explorer 11. No additional STIG settings apply for Category I vulnerabilities.
-
Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:
V-235758 and V-235759
-
Defender STIG Version 2 Release 4 (Windows Server 2022 only)
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities, plus:
V-213426, V-213452, and V-213453
STIG version history log for Windows
This section logs Windows hardening component version history for the quarterly STIG updates. To see the changes and published versions for a quarter, choose the title to expand the information.
There were no changes for Windows component STIGS for the 2024 second quarter release.
There were no changes for Windows component STIGS for the 2024 first quarter release.
There were no changes for Windows component STIGS for the 2023 fourth quarter release.
There were no changes for Windows component STIGS for the 2023 third quarter release.
There were no changes for Windows component STIGS for the 2023 second quarter release.
There were no changes for Windows component STIGS for the 2023 first quarter release.
Updated STIG versions and applied STIGS for the 2022 Q4 release as follows:
STIG-Build-Windows-Low version 2022.4.x
-
Windows Server 2022 STIG Version 1 Release 1
-
Windows Server 2019 STIG Version 2 Release 5
-
Windows Server 2016 STIG Version 2 Release 5
-
Windows Server 2012 R2 MS STIG Version 3 Release 5
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 2
-
Windows Firewall STIG Version 2 Release 1
-
Internet Explorer 11 STIG Version 2 Release 3
-
Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)
STIG-Build-Windows-Medium version 2022.4.x
-
Windows Server 2022 STIG Version 1 Release 1
-
Windows Server 2019 STIG Version 2 Release 5
-
Windows Server 2016 STIG Version 2 Release 5
-
Windows Server 2012 R2 MS STIG Version 3 Release 5
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 2
-
Windows Firewall STIG Version 2 Release 1
-
Internet Explorer 11 STIG Version 2 Release 3
-
Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)
-
Defender STIG Version 2 Release 4 (Windows Server 2022 only)
STIG-Build-Windows-High version 2022.4.x
-
Windows Server 2022 STIG Version 1 Release 1
-
Windows Server 2019 STIG Version 2 Release 5
-
Windows Server 2016 STIG Version 2 Release 5
-
Windows Server 2012 R2 MS STIG Version 3 Release 5
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 2
-
Windows Firewall STIG Version 2 Release 1
-
Internet Explorer 11 STIG Version 2 Release 3
-
Microsoft Edge STIG Version 1 Release 6 (Windows Server 2022 only)
-
Defender STIG Version 2 Release 4 (Windows Server 2022 only)
There were no changes for Windows component STIGS for the 2022 third quarter release.
Updated STIG versions and applied STIGS for the 2022 Q2 release.
STIG-Build-Windows-Low version 1.5.x
-
Windows Server 2019 STIG Version 2 Release 4
-
Windows Server 2016 STIG Version 2 Release 4
-
Windows Server 2012 R2 MS STIG Version 3 Release 3
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 1
-
Windows Firewall STIG Version 2 Release 1
-
Internet Explorer 11 STIG Version 1 Release 19
STIG-Build-Windows-Medium version 1.5.x
-
Windows Server 2019 STIG Version 2 Release 4
-
Windows Server 2016 STIG Version 2 Release 4
-
Windows Server 2012 R2 MS STIG Version 3 Release 3
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 1
-
Windows Firewall STIG Version 2 Release 1
-
Internet Explorer 11 STIG Version 1 Release 19
STIG-Build-Windows-High version 1.5.x
-
Windows Server 2019 STIG Version 2 Release 4
-
Windows Server 2016 STIG Version 2 Release 4
-
Windows Server 2012 R2 MS STIG Version 3 Release 3
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 1
-
Windows Firewall STIG Version 2 Release 1
-
Internet Explorer 11 STIG Version 1 Release 19
There were no changes for Windows component STIGS for the 2022 first quarter release.
Updated STIG versions and applied STIGS for the 2021 fourth quarter release.
STIG-Build-Windows-Low version 1.5.x
-
Windows Server 2019 STIG Version 2 Release 3
-
Windows Server 2016 STIG Version 2 Release 3
-
Windows Server 2012 R2 MS STIG Version 3 Release 3
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 1
-
Windows Firewall STIG Version 2 Release 1
-
Internet Explorer 11 STIG Version 1 Release 19
STIG-Build-Windows-Medium version 1.5.x
-
Windows Server 2019 STIG Version 2 Release 3
-
Windows Server 2016 STIG Version 2 Release 3
-
Windows Server 2012 R2 MS STIG Version 3 Release 3
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 1
-
Windows Firewall STIG Version 2 Release 1
-
Internet Explorer 11 STIG Version 1 Release 19
STIG-Build-Windows-High version 1.5.x
-
Windows Server 2019 STIG Version 2 Release 3
-
Windows Server 2016 STIG Version 2 Release 3
-
Windows Server 2012 R2 MS STIG Version 3 Release 3
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 1
-
Windows Firewall STIG Version 2 Release 1
-
Internet Explorer 11 STIG Version 1 Release 19
Updated STIG versions and applied STIGS for the 2021 third quarter release.
STIG-Build-Windows-Low version 1.4.x
-
Windows Server 2019 STIG Version 2 Release 2
-
Windows Server 2016 STIG Version 2 Release 2
-
Windows Server 2012 R2 MS STIG Version 3 Release 2
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 1
-
Windows Firewall STIG Version 1 Release 7
-
Internet Explorer 11 STIG Version 1 Release 19
STIG-Build-Windows-Medium version 1.4.x
-
Windows Server 2019 STIG Version 2 Release 2
-
Windows Server 2016 STIG Version 2 Release 2
-
Windows Server 2012 R2 MS STIG Version 3 Release 2
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 1
-
Windows Firewall STIG Version 1 Release 7
-
Internet Explorer 11 STIG Version 1 Release 19
STIG-Build-Windows-High version 1.4.x
-
Windows Server 2019 STIG Version 2 Release 2
-
Windows Server 2016 STIG Version 2 Release 2
-
Windows Server 2012 R2 MS STIG Version 3 Release 2
-
Microsoft .NET Framework 4.0 STIG Version 2 Release 1
-
Windows Firewall STIG Version 1 Release 7
-
Internet Explorer 11 STIG Version 1 Release 19
Linux STIG hardening components
This section contains information about Linux STIG hardening components, followed by a version history log. If the Linux distribution doesn’t have STIG settings of its own, the hardening component applies RHEL settings. The hardening component applies supported STIG settings to the infrastructure based on the Linux distribution, as follows:
Red Hat Enterprise Linux (RHEL) 7 STIG settings
-
RHEL 7
-
CentOS 7
-
Amazon Linux 2 (AL2)
RHEL 8 STIG settings
-
RHEL 8
-
CentOS 8
-
Amazon Linux 2023 (AL 2023)
RHEL 9 STIG settings
-
RHEL 9
-
CentOS Stream 9
STIG-Build-Linux-Low version 2024.2.x
The following list contains STIG settings that the hardening component applies to your infrastructure. If a supported setting isn't applicable for your infrastructure, the hardening component skips that setting, and moves on. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings the hardening component applies, such as a requirement for administrators to review document settings.
For a complete list, see the STIGs
Document Library
RHEL 7 STIG Version 3 Release 14
-
RHEL 7/CentOS 7/AL2
V-204452, V-204576, and V-204605
RHEL 8 STIG Version 1 Release 14
-
RHEL 8/CentOS 8/AL 2023
V-230241, V-244527, V-230269, V-230270, V-230285, V-230253, V-230346, V-230381, V-230395, V-230468, V-230469, V-230491, V-230485, V-230486, V-230494, V-230495, V-230496, V-230497, V-230498, V-230499, and V-230281
RHEL 9 STIG Version 1 Release 3
-
RHEL 9/CentOS Stream 9
V-257782, V-257795, V-257796, V-257824, V-257880, V-257946, V-257947, V-258037, V-258067, V-258069, V-258076, and V-258173
Ubuntu 18.04 STIG Version 2 Release 14
V-219172, V-219173, V-219174, V-219175, V-219210, V-219164, V-219165, V-219178, V-219180, V-219301, V-219163, V-219332, V-219327, and V-219333
Ubuntu 20.04 STIG Version 1 Release 12
V-238202, V-238234, V-238235, V-238237, V-238323, V-238373, V-238221, V-238222, V-238223, V-238224, V-238226, V-238362, V-238357, and V-238308
Ubuntu 22.04 STIG Version 1 Release 1
V-260472, V-260476, V-260479, V-260480, V-260481, V-260520, V-260521, V-260549, V-260550, V-260551, V-260552, V-260581, and V-260596
STIG-Build-Linux-Medium version 2024.2.x
The following list contains STIG settings that the hardening component applies to your infrastructure. If a supported setting isn't applicable for your infrastructure, the hardening component skips that setting, and moves on. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings the hardening component applies, such as a requirement for administrators to review document settings.
For a complete list, see the STIGs
Document Library
Note
The STIG-Build-Linux-Medium hardening components include all listed STIG settings that AWSTOE applies for STIG-Build-Linux-Low hardening components, in addition to the STIG settings that are listed specifically for Category II vulnerabilities.
RHEL 7 STIG Version 3 Release 14
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:
-
RHEL 7/CentOS 7/AL2
V-204585, V-204490, V-204491, V-255928, V-204405, V-204406, V-204407, V-204408, V-204409, V-204410, V-204411, V-204412, V-204413, V-204414, V-204415, V-204422, V-204423, V-204427, V-204416, V-204418, V-204426, V-204431, V-204457, V-204466, V-204417, V-204434, V-204435, V-204587, V-204588, V-204589, V-204590, V-204591, V-204592, V-204593, V-204596, V-204597, V-204598, V-204599, V-204600, V-204601, V-204602, V-204622, V-233307, V-255925, V-204578, V-204595, V-204437, V-204503, V-204507, V-204508, V-204510, V-204511, V-204512, V-204514, V-204515, V-204516, V-204517, V-204521, V-204524, V-204531, V-204536, V-204537, V-204538, V-204539, V-204540, V-204541, V-204542, V-204543, V-204544, V-204545, V-204546, V-204547, V-204548, V-204549, V-204550, V-204551, V-204552, V-204553, V-204554, V-204555, V-204556, V-204557, V-204558, V-204559, V-204560, V-204562, V-204563, V-204564, V-204565, V-204566, V-204567, V-204568, V-204572, V-204584, V-204609, V-204610, V-204611, V-204612, V-204613, V-204614, V-204615, V-204616, V-204617, V-204625, V-204630, V-255927, V-237634, V-237635, V-251703, V-204449, V-204450, V-204451, V-204619, V-204579, V-204631, V-204633, and V-256970
RHEL 8 STIG Version 1 Release 14
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:
-
RHEL 8/CentOS 8/AL 2023
V-230257, V-230258, V-230259, V-230550, V-230248, V-230249, V-230250, V-230245, V-230246, V-230247, V-230397, V-230399, V-230400, V-230401, V-230228, V-230298, V-230387, V-230231, V-230233, V-230324, V-230365, V-230370, V-230378, V-230383, V-230236, V-230314, V-230315, V-244523, V-230266, V-230267, V-230268, V-230280, V-230310, V-230311, V-230312, V-230502, V-230532, V-230535, V-230536, V-230537, V-230538, V-230539, V-230540, V-230541, V-230542, V-230543, V-230544, V-230545, V-230546, V-230547, V-230548, V-230549, V-244550, V-244551, V-244552, V-244553, V-244554, V-250317, V-251718, V-230237, V-230313, V-230356, V-230357, V-230358, V-230359, V-230360, V-230361, V-230362, V-230363, V-230368, V-230369, V-230375, V-230376, V-230377, V-244524, V-244533, V-251713, V-251717, V-251714, V-251715, V-251716, V-230332, V-230334, V-230336, V-230338, V-230340, V-230342, V-230344, V-230333, V-230335, V-230337, V-230339, V-230341, V-230343, V-230345, V-230240, V-230282, V-250315, V-250316, V-230255, V-230277, V-230278, V-230348, V-230353, V-230386, V-230390, V-230392, V-230394, V-230396, V-230393, V-230398, V-230402, V-230403, V-230404, V-230405, V-230406, V-230407, V-230408, V-230409, V-230410, V-230411, V-230412, V-230413, V-230418, V-230419, V-230421, V-230422, V-230423, V-230424, V-230425, V-230426, V-230427, V-230428, V-230429, V-230430, V-230431, V-230432, V-230433, V-230434, V-230435, V-230436, V-230437, V-230438, V-230439, V-230444, V-230446, V-230447, V-230448, V-230449, V-230455, V-230456, V-230462, V-230463, V-230464, V-230465, V-230466, V-230467, V-230471, V-230472, V-230473, V-230474, V-230480, V-230483, V-244542, V-230503, V-230244, V-230286, V-230287, V-230288, V-230290, V-230291, V-230296, V-230330, V-230382, V-230526, V-230527, V-230555, V-230556, V-244526, V-244528, V-237642, V-237643, V-251711, V-230238, V-230239, V-230273, V-230275, V-230478, V-230488, V-230489, V-230559, V-230560, V-230561, V-237640, and V-256974
RHEL 9 STIG Version 1 Release 3
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:
-
RHEL 9/CentOS Stream 9
V-257780, V-257781, V-257783, V-257786, V-257788, V-257790, V-257791, V-257792, V-257793, V-257794, V-257797, V-257798, V-257799, V-257800, V-257801, V-257802, V-257803, V-257804, V-257805, V-257806, V-257807, V-257808, V-257809, V-257810, V-257811, V-257812, V-257813, V-257814, V-257815, V-257816, V-257817, V-257818, V-257825, V-257827, V-257828, V-257829, V-257830, V-257831, V-257832, V-257833, V-257834, V-257836, V-257838, V-257839, V-257840, V-257841, V-257842, V-257849, V-257882, V-257883, V-257884, V-257885, V-257886, V-257887, V-257888, V-257890, V-257891, V-257892, V-257893, V-257894, V-257895, V-257896, V-257897, V-257898, V-257899, V-257900, V-257901, V-257902, V-257903, V-257904, V-257905, V-257906, V-257907, V-257908, V-257909, V-257910, V-257911, V-257912, V-257913, V-257914, V-257915, V-257916, V-257917, V-257918, V-257919, V-257920, V-257921, V-257922, V-257923, V-257924, V-257925, V-257926, V-257927, V-257928, V-257929, V-257930, V-257931, V-257933, V-257934, V-257935, V-257936, V-257939, V-257940, V-257942, V-257943, V-257944, V-257949, V-257951, V-257952, V-257953, V-257954, V-257957, V-257958, V-257959, V-257960, V-257961, V-257962, V-257963, V-257964, V-257965, V-257966, V-257967, V-257968, V-257969, V-257970, V-257971, V-257972, V-257973, V-257974, V-257975, V-257976, V-257977, V-257978, V-257979, V-257980, V-257982, V-257985, V-257987, V-257988, V-257989, V-257991, V-257992, V-257993, V-257994, V-257995, V-257996, V-257997, V-257998, V-257999, V-258000, V-258001, V-258002, V-258003, V-258004, V-258005, V-258006, V-258007, V-258008, V-258009, V-258010, V-258011, V-258028, V-258034, V-258035, V-258036, V-258038, V-258040, V-258041, V-258043, V-258049, V-258052, V-258054, V-258055, V-258056, V-258057, V-258060, V-258063, V-258064, V-258065, V-258066, V-258068, V-258070, V-258071, V-258072, V-258073, V-258074, V-258075, V-258077, V-258079, V-258080, V-258081, V-258082, V-258083, V-258084, V-258085, V-258088, V-258089, V-258090, V-258091, V-258092, V-258093, V-258095, V-258097, V-258098, V-258099, V-258100, V-258101, V-258102, V-258103, V-258104, V-258105, V-258107, V-258108, V-258109, V-258110, V-258111, V-258112, V-258113, V-258114, V-258115, V-258116, V-258117, V-258118, V-258119, V-258120, V-258122, V-258123, V-258124, V-258125, V-258126, V-258128, V-258129, V-258130, V-258133, V-258134, V-258137, V-258140, V-258141, V-258142, V-258144, V-258145, V-258146, V-258147, V-258148, V-258150, V-258151, V-258152, V-258153, V-258154, V-258156, V-258157, V-258158, V-258159, V-258160, V-258161, V-258162, V-258163, V-258164, V-258165, V-258166, V-258167, V-258168, V-258169, V-258170, V-258171, V-258172, V-258175, V-258176, V-258177, V-258178, V-258179, V-258180, V-258181, V-258182, V-258183, V-258184, V-258185, V-258186, V-258187, V-258188, V-258189, V-258190, V-258191, V-258192, V-258193, V-258194, V-258195, V-258196, V-258197, V-258198, V-258199, V-258200, V-258201, V-258202, V-258203, V-258204, V-258205, V-258206, V-258207, V-258208, V-258209, V-258210, V-258211, V-258212, V-258213, V-258214, V-258215, V-258216, V-258217, V-258218, V-258219, V-258220, V-258221, V-258222, V-258223, V-258224, V-258225, V-258226, V-258227, V-258228, V-258229, V-258232, V-258233, V-258234,V-258237, V-258239, and V-258240
Ubuntu 18.04 STIG Version 2 Release 14
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:
V-219188, V-219190, V-219191, V-219198, V-219199, V-219200, V-219201, V-219202, V-219203, V-219204, V-219205, V-219206, V-219207, V-219208, V-219209, V-219303, V-219326, V-219328, V-219330, V-219342, V-219189, V-219192, V-219193, V-219194, V-219315, V-219195, V-219196, V-219197, V-219213, V-219214, V-219215, V-219216, V-219217, V-219218, V-219219, V-219220, V-219221, V-219222, V-219223, V-219224, V-219227, V-219228, V-219229, V-219230, V-219231, V-219232, V-219233, V-219234, V-219235, V-219236, V-219238, V-219239, V-219240, V-219241, V-219242, V-219243, V-219244, V-219250, V-219254, V-219257, V-219263, V-219264, V-219265, V-219266, V-219267, V-219268, V-219269, V-219270, V-219271, V-219272, V-219273, V-219274, V-219275, V-219276, V-219277, V-219279, V-219281, V-219287, V-219291, V-219297, V-219298, V-219299, V-219300, V-219309, V-219310, V-219311, V-219312, V-233779, V-233780, V-255906, V-219336, V-219338, V-219344, V-219181, V-219184, V-219186, V-219155, V-219156, V-219160, V-219306, V-219149, V-219166, V-219176, V-219339, V-219331, V-219337, and V-219335
Ubuntu 20.04 STIG Version 1 Release 12
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:
V-238205, V-238207, V-238329, V-238337, V-238339, V-238340, V-238344, V-238345, V-238346, V-238347, V-238348, V-238349, V-238350, V-238351, V-238352, V-238376, V-238377, V-238378, V-238209, V-238325, V-238330, V-238333, V-238369, V-238338, V-238341, V-238342, V-238343, V-238324, V-238353, V-238228, V-238225, V-238227, V-238299, V-238238, V-238239, V-238240, V-238241, V-238242, V-238244, V-238245, V-238246, V-238247, V-238248, V-238249, V-238250, V-238251, V-238252, V-238253, V-238254, V-238255, V-238256, V-238257, V-238258, V-238264, V-238268, V-238271, V-238277, V-238278, V-238279, V-238280, V-238281, V-238282, V-238283, V-238284, V-238285, V-238286, V-238287, V-238288, V-238289, V-238290, V-238291, V-238292, V-238293, V-238294, V-238295, V-238297, V-238300, V-238301, V-238302, V-238304, V-238309, V-238310, V-238315, V-238316, V-238317, V-238318, V-238319, V-238320, V-251505, V-238360, V-238211, V-238212, V-238213, V-238216, V-238220, V-255912, V-238355, V-238236, V-238303, V-238358, V-238356, V-238359, V-238370, and V-238334
Ubuntu 22.04 STIG Version 1 Release 1
Includes all supported STIG settings that the hardening component applies for Category III (Low) vulnerabilities for this Linux distribution, plus:
V-260471, V-260473, V-260474, V-260475, V-260477, V-260478, V-260485, V-260486, V-260487, V-260488, V-260489, V-260490, V-260491, V-260492, V-260493, V-260494, V-260495, V-260496, V-260497, V-260498, V-260499, V-260500, V-260505, V-260506, V-260507, V-260508, V-260509, V-260510, V-260511, V-260512, V-260513, V-260514, V-260516, V-260522, V-260527, V-260528, V-260530, V-260531, V-260532, V-260533, V-260534, V-260542, V-260543, V-260545, V-260546, V-260547, V-260553, V-260554, V-260555, V-260556, V-260557, V-260560, V-260561, V-260562, V-260563, V-260564, V-260565, V-260566, V-260567, V-260568, V-260572, V-260573, V-260574, V-260576, V-260582, V-260584, V-260586, V-260588, V-260589, V-260590, V-260591, V-260594, V-260597, V-260598, V-260599, V-260600, V-260601, V-260602, V-260603, V-260604, V-260605, V-260606, V-260607, V-260608, V-260609, V-260610, V-260611, V-260612, V-260613, V-260614, V-260615, V-260616, V-260617, V-260618, V-260619, V-260620, V-260621, V-260622, V-260623, V-260624, V-260625, V-260626, V-260627, V-260628, V-260629, V-260630, V-260631, V-260632, V-260633, V-260634, V-260635, V-260636, V-260637, V-260638, V-260639, V-260640, V-260641, V-260642, V-260643, V-260644, V-260645, V-260646, V-260647, V-260648, and V-260649
STIG-Build-Linux-High version 2024.1.x
The following list contains STIG settings that the hardening component applies to your infrastructure. If a supported setting isn't applicable for your infrastructure, the hardening component skips that setting, and moves on. For example, some STIG settings might not apply to standalone servers. Organization-specific policies can also affect which settings the hardening component applies, such as a requirement for administrators to review document settings.
For a complete list, see the STIGs
Document Library
Note
The STIG-Build-Linux-High hardening components include all listed STIG settings that AWSTOE applies for STIG-Build-Linux-Low and STIG-Build-Linux-Medium hardening components, in addition to the listed STIG settings that apply specifically for Category I vulnerabilities.
RHEL 7 STIG Version 3 Release 14
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:
-
RHEL 7/CentOS 7/AL2
V-204425, V-204594, V-204455, V-204424, V-204442, V-204443, V-204447, V-204448, V-204502, V-204620, and V-204621
RHEL 8 STIG Version 1 Release 14
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:
-
RHEL 8/CentOS 8/AL 2023
V-230265, V-230529, V-230531, V-230264, V-230487, V-230492, V-230533, and V-230558
RHEL 9 STIG Version 1 Release 3
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:
-
RHEL 9/CentOS Stream 9
V-257784, V-257785, V-257820, V-257821, V-257826, V-257835, V-257955, V-257956, V-257984, V-257986, V-258059, V-258078, V-258094, and V-258235
Ubuntu 18.04 STIG Version 2 Release 14
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:
V-219157, V-219158, V-219177, V-219212 V-219308, V-219314, V-219316, and V-251507
Ubuntu 20.04 STIG Version 1 Release 12
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:
V-238218, V-238219, V-238201, V-238326, V-238327, V-238380 and V-251504
Ubuntu 22.04 STIG Version 1 Release 1
Includes all supported STIG settings that the hardening component applies for Categories II and III (Medium and Low) vulnerabilities for this Linux distribution, plus:
V-260469, V-260482, V-260483, V-260523, V-260524, V-260526, V-260529, V-260570, V-260571, and V-260579
STIG version history log for Linux
This section logs Linux component version history. To see the changes and published versions for a quarter, choose the title to expand the information.
Updated STIG versions and applied STIGS for the 2024 second quarter release. Also added support for RHEL 9, CentOS Stream 9, and Ubuntu 22.04, as follows:
STIG-Build-Linux-Low version 2024.2.x
-
RHEL 7 STIG Version 3 Release 14
-
RHEL 8 STIG Version 1 Release 14
-
RHEL 9 STIG Version 1 Release 3
-
Ubuntu 18.04 STIG Version 2 Release 14
-
Ubuntu 20.04 STIG Version 1 Release 12
-
Ubuntu 22.04 STIG Version 1 Release 1
STIG-Build-Linux-Medium version 2024.2.x
-
RHEL 7 STIG Version 3 Release 14
-
RHEL 8 STIG Version 1 Release 14
-
RHEL 9 STIG Version 1 Release 3
-
Ubuntu 18.04 STIG Version 2 Release 14
-
Ubuntu 20.04 STIG Version 1 Release 12
-
Ubuntu 22.04 STIG Version 1 Release 1
STIG-Build-Linux-High version 2024.2.x
-
RHEL 7 STIG Version 3 Release 14
-
RHEL 8 STIG Version 1 Release 14
-
RHEL 9 STIG Version 1 Release 3
-
Ubuntu 18.04 STIG Version 2 Release 14
-
Ubuntu 20.04 STIG Version 1 Release 12
-
Ubuntu 22.04 STIG Version 1 Release 1
Updated STIG versions and applied STIGS for the 2024 first quarter release as follows:
STIG-Build-Linux-Low version 2024.1.x
-
RHEL 7 STIG Version 3 Release 14
-
RHEL 8 STIG Version 1 Release 13
-
Ubuntu 18.04 STIG Version 2 Release 13
-
Ubuntu 20.04 STIG Version 1 Release 11
STIG-Build-Linux-Medium version 2024.1.x
-
RHEL 7 STIG Version 3 Release 14
-
RHEL 8 STIG Version 1 Release 13
-
Ubuntu 18.04 STIG Version 2 Release 13
-
Ubuntu 20.04 STIG Version 1 Release 11
STIG-Build-Linux-High version 2024.1.x
-
RHEL 7 STIG Version 3 Release 14
-
RHEL 8 STIG Version 1 Release 13
-
Ubuntu 18.04 STIG Version 2 Release 13
-
Ubuntu 20.04 STIG Version 1 Release 11
Updated STIG versions and applied STIGS for the 2023 fourth quarter release as follows:
STIG-Build-Linux-Low version 2023.4.x
-
RHEL 7 STIG Version 3 Release 13
-
RHEL 8 STIG Version 1 Release 12
-
Ubuntu 18.04 STIG Version 2 Release 12
-
Ubuntu 20.04 STIG Version 1 Release 10
STIG-Build-Linux-Medium version 2023.4.x
-
RHEL 7 STIG Version 3 Release 13
-
RHEL 8 STIG Version 1 Release 12
-
Ubuntu 18.04 STIG Version 2 Release 12
-
Ubuntu 20.04 STIG Version 1 Release 10
STIG-Build-Linux-High version 2023.4.x
-
RHEL 7 STIG Version 3 Release 13
-
RHEL 8 STIG Version 1 Release 12
-
Ubuntu 18.04 STIG Version 2 Release 12
-
Ubuntu 20.04 STIG Version 1 Release 10
Updated STIG versions and applied STIGS for the 2023 third quarter release as follows:
STIG-Build-Linux-Low version 2023.3.x
-
RHEL 7 STIG Version 3 Release 12
-
RHEL 8 STIG Version 1 Release 11
-
Ubuntu 18.04 STIG Version 2 Release 11
-
Ubuntu 20.04 STIG Version 1 Release 9
STIG-Build-Linux-Medium version 2023.3.x
-
RHEL 7 STIG Version 3 Release 12
-
RHEL 8 STIG Version 1 Release 11
-
Ubuntu 18.04 STIG Version 2 Release 11
-
Ubuntu 20.04 STIG Version 1 Release 9
STIG-Build-Linux-High version 2023.3.x
-
RHEL 7 STIG Version 3 Release 12
-
RHEL 8 STIG Version 1 Release 11
-
Ubuntu 18.04 STIG Version 2 Release 11
-
Ubuntu 20.04 STIG Version 1 Release 9
Updated STIG versions and applied STIGS for the 2023 second quarter release as follows:
STIG-Build-Linux-Low version 2023.2.x
-
RHEL 7 STIG Version 3 Release 11
-
RHEL 8 STIG Version 1 Release 10
-
Ubuntu 18.04 STIG Version 2 Release 11
-
Ubuntu 20.04 STIG Version 1 Release 8
STIG-Build-Linux-Medium version 2023.2.x
-
RHEL 7 STIG Version 3 Release 11
-
RHEL 8 STIG Version 1 Release 10
-
Ubuntu 18.04 STIG Version 2 Release 11
-
Ubuntu 20.04 STIG Version 1 Release 8
STIG-Build-Linux-High version 2023.2.x
-
RHEL 7 STIG Version 3 Release 11
-
RHEL 8 STIG Version 1 Release 10
-
Ubuntu 18.04 STIG Version 2 Release 11
-
Ubuntu 20.04 STIG Version 1 Release 8
Updated STIG versions and applied STIGS for the 2023 first quarter release as follows:
STIG-Build-Linux-Low version 2023.1.x
-
RHEL 7 STIG Version 3 Release 10
-
RHEL 8 STIG Version 1 Release 9
-
Ubuntu 18.04 STIG Version 2 Release 10
-
Ubuntu 20.04 STIG Version 1 Release 7
STIG-Build-Linux-Medium version 2023.1.x
-
RHEL 7 STIG Version 3 Release 10
-
RHEL 8 STIG Version 1 Release 9
-
Ubuntu 18.04 STIG Version 2 Release 10
-
Ubuntu 20.04 STIG Version 1 Release 7
STIG-Build-Linux-High version 2023.1.x
-
RHEL 7 STIG Version 3 Release 10
-
RHEL 8 STIG Version 1 Release 9
-
Ubuntu 18.04 STIG Version 2 Release 10
-
Ubuntu 20.04 STIG Version 1 Release 7
Updated STIG versions and applied STIGS for the 2022 fourth quarter release as follows:
STIG-Build-Linux-Low version 2022.4.x
-
RHEL 7 STIG Version 3 Release 9
-
RHEL 8 STIG Version 1 Release 8
-
Ubuntu 18.04 STIG Version 2 Release 9
-
Ubuntu 20.04 STIG Version 1 Release 6
STIG-Build-Linux-Medium version 2022.4.x
-
RHEL 7 STIG Version 3 Release 9
-
RHEL 8 STIG Version 1 Release 8
-
Ubuntu 18.04 STIG Version 2 Release 9
-
Ubuntu 20.04 STIG Version 1 Release 6
STIG-Build-Linux-High version 2022.4.x
-
RHEL 7 STIG Version 3 Release 9
-
RHEL 8 STIG Version 1 Release 8
-
Ubuntu 18.04 STIG Version 2 Release 9
-
Ubuntu 20.04 STIG Version 1 Release 6
There were no changes for Linux component STIGS for the 2022 third quarter release.
Introduced Ubuntu support, updated STIG versions and applied STIGS for the 2022 second quarter release as follows:
STIG-Build-Linux-Low version 2022.2.x
-
RHEL 7 STIG Version 3 Release 7
-
RHEL 8 STIG Version 1 Release 6
-
Ubuntu 18.04 STIG Version 2 Release 6 (new)
-
Ubuntu 20.04 STIG Version 1 Release 4 (new)
STIG-Build-Linux-Medium version 2022.2.x
-
RHEL 7 STIG Version 3 Release 7
-
RHEL 8 STIG Version 1 Release 6
-
Ubuntu 18.04 STIG Version 2 Release 6 (new)
-
Ubuntu 20.04 STIG Version 1 Release 4 (new)
STIG-Build-Linux-High version 2022.2.x
-
RHEL 7 STIG Version 3 Release 7
-
RHEL 8 STIG Version 1 Release 6
-
Ubuntu 18.04 STIG Version 2 Release 6 (new)
-
Ubuntu 20.04 STIG Version 1 Release 4 (new)
Refactored to include better support for containers. Combined the previous AL2 script with RHEL 7. Updated STIG versions and applied STIGS for the 2022 first quarter release as follows:
STIG-Build-Linux-Low version 3.6.x
-
RHEL 7 STIG Version 3 Release 6
-
RHEL 8 STIG Version 1 Release 5
STIG-Build-Linux-Medium version 3.6.x
-
RHEL 7 STIG Version 3 Release 6
-
RHEL 8 STIG Version 1 Release 5
STIG-Build-Linux-High version 3.6.x
-
RHEL 7 STIG Version 3 Release 6
-
RHEL 8 STIG Version 1 Release 5
Updated STIG versions, and applied STIGS for the 2021 fourth quarter release as follows:
STIG-Build-Linux-Low version 3.5.x
-
RHEL 7 STIG Version 3 Release 5
-
RHEL 8 STIG Version 1 Release 4
STIG-Build-Linux-Medium version 3.5.x
-
RHEL 7 STIG Version 3 Release 5
-
RHEL 8 STIG Version 1 Release 4
STIG-Build-Linux-High version 3.5.x
-
RHEL 7 STIG Version 3 Release 5
-
RHEL 8 STIG Version 1 Release 4
Updated STIG versions, and applied STIGS for the 2021 third quarter release as follows:
STIG-Build-Linux-Low version 3.4.x
-
RHEL 7 STIG Version 3 Release 4
-
RHEL 8 STIG Version 1 Release 3
STIG-Build-Linux-Medium version 3.4.x
-
RHEL 7 STIG Version 3 Release 4
-
RHEL 8 STIG Version 1 Release 3
STIG-Build-Linux-High version 3.4.x
-
RHEL 7 STIG Version 3 Release 4
-
RHEL 8 STIG Version 1 Release 3
SCAP compliance validator component
The Security Content Automation Protocol (SCAP) is a set of standards that IT
professionals can use to identify application security vulnerabilities for compliance.
The SCAP Compliance Checker (SCC) is a SCAP-validated scanning tool, released by the
Naval Information Warfare Center (NIWC) Atlantic. For more information, see Security Content Automation Protocol
(SCAP) Compliance Checker (SCC)
The AWSTOE scap-compliance-checker-windows
and
scap-compliance-checker-linux
components download and install the SCC scanner on the pipeline build and test
instances. When the scanner runs, it performs authenticated configuration scans
using DISA SCAP Benchmarks, and provides a report that includes the following
information. AWSTOE also writes the information to your application logs.
-
STIG settings that are applied to the instance.
-
An overall compliance score for the instance.
We recommend that you run SCAP validation as the final step in your build process, to ensure that you report accurate compliance validation results.
Note
You can review the reports with one of the STIG Viewing Tools
The following sections describe the benchmarks that the SCAP validation components include.
scap-compliance-checker-linux version 2021.04.0
The scap-compliance-checker-linux
component runs on the Image Builder pipeline's build and
test instances. AWSTOE logs both the report and the score that the SCC application produces.
The component performs the following workflow steps:
-
Downloads and installs the SCC application.
-
Imports the compliance benchmarks.
-
Runs validation using the SCC application.
-
Saves the compliance report and score locally on the build instance desktop.
-
Logs the compliance score from the local report to the AWSTOE application log files.
Note
AWSTOE currently supports SCAP compliance validation for Windows Server 2012 R2, 2016, and 2019.
The SCAP compliance checker component for Windows includes the following benchmarks:
SCC Version: 5.4.2
2021 Q4 Benchmarks:
-
U_MS_DotNet_Framework_4-0_V2R1_STIG_SCAP_1-2_Benchmark
-
U_MS_IE11_V2R1_STIG_SCAP_1-2_Benchmark
-
U_MS_Windows_2012_and_2012_R2_MS_V3R2_STIG_SCAP_1-2_Benchmark
-
U_MS_Windows_Defender_AV_V2R2_STIG_SCAP_1-2_Benchmark
-
U_MS_Windows_Server_2016_V2R1_STIG_SCAP_1-2_Benchmark
-
U_MS_Windows_Server_2019_V2R1_STIG_SCAP_1-2_Benchmark
-
U_MS_Windows_Firewall_V2R1_STIG_SCAP_1-2_Benchmark
-
U_CAN_Ubuntu_18-04_V2R4_STIG_SCAP_1-2_Benchmark
-
U_RHEL_7_V3R5_STIG_SCAP_1-2_Benchmark
-
U_RHEL_8_V1R3_STIG_SCAP_1-2_Benchmark
scap-compliance-checker-linux version 2021.04.0
The scap-compliance-checker-linux
component runs on the Image Builder pipeline's build and
test instances. AWSTOE logs both the report and the score that the SCC application produces.
The component performs the following workflow steps:
-
Downloads and installs the SCC application.
-
Imports the compliance benchmarks.
-
Runs validation using the SCC application.
-
Saves the compliance report and score locally, in the following location on the build instance:
/opt/scc/SCCResults
. -
Logs the compliance score from the local report to the AWSTOE application log files.
Note
AWSTOE currently supports SCAP compliance validation for RHEL 7/8 and Ubuntu 18. The SCC application currently supports the x86 architecture for validation.
The SCAP compliance checker component for Linux includes the following benchmarks:
SCC Version: 5.4.2
2021 Q4 Benchmarks:
-
U_CAN_Ubuntu_18-04_V2R4_STIG_SCAP_1-2_Benchmark
-
U_RHEL_7_V3R5_STIG_SCAP_1-2_Benchmark
-
U_RHEL_8_V1R3_STIG_SCAP_1-2_Benchmark
-
U_MS_DotNet_Framework_4-0_V2R1_STIG_SCAP_1-2_Benchmark
-
U_MS_IE11_V2R1_STIG_SCAP_1-2_Benchmark
-
U_MS_Windows_2012_and_2012_R2_MS_V3R2_STIG_SCAP_1-2_Benchmark
-
U_MS_Windows_Defender_AV_V2R2_STIG_SCAP_1-2_Benchmark
-
U_MS_Windows_Server_2016_V2R1_STIG_SCAP_1-2_Benchmark
-
U_MS_Windows_Server_2019_V2R1_STIG_SCAP_1-2_Benchmark
-
U_MS_Windows_Firewall_V2R1_STIG_SCAP_1-2_Benchmark
SCAP version history
The following table describes important changes to the SCAP environment and settings described in this document.
Change | Description | Date |
---|---|---|
Added SCAP components |
Introduced the following SCAP components:
|
December 20, 2021 |