DISA Compliance through Security Technical Implementation Guides
Vicon Position Statement
Proper cybersecurity for your surveillance network is increasingly important as potential security threats are on the rise. At Vicon, we follow best practice standards around effective IT security to ensure our solutions are configured as securely as possible. This practice is critical in eliminating the easy vectors hackers use to launch attacks.
The Defense Information Systems Agency (DISA) is the entity responsible for maintaining the security posture of the Department of Defense (DoD) IT infrastructure. As part of their mission of providing information technology and communications support to the government and associated defense agencies, they have created and maintain a security standard for computer systems and networks that connect to the DoD. DISA accomplishes this task by developing and using what they call Security Technical Implementation Guides, or “STIGs,” which contain technical guidance to “lock down” information systems/software that might otherwise be vulnerable to a malicious computer attack. Adherence to the DISA STIG configuration standards is not optional for DoD organizations.
The DISA STIGs encompass a library of documents that explain specifically how computing devices should be configured to maximize security. There are over 400 STIGs, each describing how a specific application, operating system, network device or smartphone should be configured. Basically, they are a set of documents that tell organizations how to handle their computer systems and networks. Failure to stay compliant with guidelines issued by DISA can result in an organization being denied access to DoD networks.