Automate the assessment of firewalls, switches and routers for STIG compliance
STIGs, otherwise known as Security Technical Implementation Guides, are published by the Defense Information Systems Agency (DISA) and must be adhered to by any organization that is connecting to the US Department of Defense’s (DoD) networks.
DISA is responsible for maintaining security standards for DoD computer systems and networks. STIGs are usually published quarterly, and their purpose is to ensure all connecting organizations remain fully up-to-date and compliant. However, they can be updated at any time if a major threat or new bug has been discovered and it is the responsibility of the connecting organization to ensure compliance.
The DoD’s security needs are far higher than manufacturers, who are typically focussed on ease of use. This means connecting organizations need to have a robust approach to checking and updating their networks’ security. A system which is deemed secure one month may be vulnerable by the next.
This is where automated configuration auditing tools, such as Titania Nipper, can be extremely useful. Not only do users save time and money through automating audits and ensuring compliance with STIGs is up to date, they also receive all of the reporting necessary in an audit trail to prove compliance.
Titania's software provides:
Critical risk remediation prioritization:
- Misconfigurations detected and assessed for
- impact to the network if exploited,
- ease of exploitation, and
- ease and time to fix
- Device specific remediation advice and command-line fixes
- Daily configuration drift monitoring
Security and compliance assurance:
- Assure compliance for FISMA, HIPAA, NIST, DISA RMF, CDM, CMMC and PCI DSS
- Reduce audit times by up to 80% with evidence of compliance
- Assessor-ready reports of compliance with:
- 94% of NIST 800-53 network controls
- 89% of CMMC network practices to evidence SCRM
- 94% of PCI DSS network device procedures
Continuous misconfiguration detection and response
- Continuous visibility of misconfigurations and vulnerabilities
- Strategic, real-time prioritization of risk and remediation
- Dashboards and reports of security and compliance posture
- Roadmap to playbook-controlled auto-remediation
Check out our latest resources
Combining continuous misconfiguration detection and auto-mitigation with risk-focused compliance analysisRead more
Foundational network configuration security for Zero Trust and PCI DSS 4.0 assurance at scaleRead more
Analysing the configurations and interactions of your network infrastructure with the expertise of a skilled penetration tester - Nipper’s unrivalled accuracy typically saves auditors more than 3 hours per audit, per deviceRead more
Nipper’s NIST 800-171 Module automates the accurate assessment of 21 (60%) NIST 800-171 requirements for core network devices across 6 control families.Read more