Cybersecurity Technical Implementation Guide (STIGs)

Lecturer: mdtech

Course Description

Course Code: STI 101 — STIG Implementation & RMF Alignment

STIG 101 answers the core what/why/how of implementing
DISA Security Technical Implementation Guides (STIGs) in enterprise environments.
Students develop a practical vulnerability management lens for
conceptualizing and addressing STIG requirements and mapping them into the
Risk Management Framework (RMF) lifecycle—from categorization and control selection
through assessment, authorization, and continuous monitoring.

Extensive hands-on work in a virtual lab gives learners direct experience using tools such as
SCC (STIG/SCAP checking) and STIG Viewer to import benchmarks, assess hosts,
interpret findings, and document remediation. By the end, students can operationalize STIGs
to reduce risk and produce audit-ready artifacts.

Who should take this: System administrators, ISSOs/ISSMs, security engineers, and
RMF practitioners supporting DoD or DoD-adjacent environments who need hands-on STIG skills.

What You’ll Learn

  • STIG purpose, structure, severities (CAT I/II/III), and compliance scoring
  • How STIGs align with RMF steps and control baselines
  • Using SCC to scan systems against current STIG/SCAP content
  • Working with STIG Viewer: importing checklists and documenting POA&Ms and exceptions
  • Remediation workflows: prioritization, verification, and re-scan best practices
  • Evidence generation and reporting for audits and continuous monitoring

Topics Covered

  • STIG content types (OS, DB, app, network devices) and common findings
  • SCAP content basics, benchmarks, and update cadence
  • Checklist lifecycle: initial scan → annotate → remediate → validate
  • Waivers/justifications and risk acceptance documentation
  • Integration with vulnerability management & ticketing workflows
  • Continuous Monitoring: metrics, dashboards, and evidence retention

Format & Materials

  • Instructor-led sessions with guided, hands-on virtual labs
  • Practice with SCC scans, STIG Viewer checklists, and remediation documentation
  • Downloadable checklists, lab guides, and reporting templates

Prerequisites

  • Basic Windows/Linux administration skills and familiarity with security controls
  • Cybersecurity Fundamentals (CIS 101) or equivalent experience recommended

Outcomes & Next Steps

  • Confidently implement and document STIG compliance in lab and production
  • Map STIG activities into RMF tasks and continuous monitoring
  • Create audit-ready evidence, POA&Ms, and remediation plans
  • Prepare for roles supporting DoD accreditation and enterprise hardening efforts

🎓 Credential: Certificate of Completion — STIG Implementation (STI 101)
⏱️ Typical Duration: 24–36 hours (varies by schedule)
🛡️ Delivery: In-person or Live Online (virtual lab)