Welcome to STIG Manager’s documentation!

STIG Manager is an Open Source API and Web client for managing the assessment of Information Systems for compliance with security checklists published by the United States (U.S.) Defense Information Systems Agency (DISA). STIG Manager supports DISA checklists distributed as either a Security Technical Implementation Guide (STIG) or a Security Requirements Guide (SRG) in the XCCDF format.

Our Project incorporates software developed since 2012 by the U.S. Naval Undersea Warfare Center Division Newport (NUWCDIVNPT). More information, and the software itself, is available on GitHub: STIG Manager

Introduction and Features
Setup and Deployment
For Users
For Admins
The STIG Manager Project
Contribution Guide
Terminology and Concepts

Build A Collection with .ckl or XCCDF Files
Review a STIG on an Asset
Review an entire Collection at once
Set the Default STIG Revision for a Collection
Accept and Reject STIG Reviews
Analyze Findings and generate a POA&M
Check evaluation progress
Add Users
Export Results
Transfer Assets to Another Collection
Tag Assets with Labels
Create a new set of STIG Assignments based on an existing set
Update Reference STIGs
Having a problem? Let us know and submit an issue on GitHub!

Getting Started with STIG Manager

These videos and others are available on our YouTube channel.

Reporting Bugs & Issues

Please file bug reports or feature requests on the STIG Manager issue tracker. When reporting a bug, please provide as much detail as possible to help us understand and reproduce the issue. Include:

Install type: Hosted, Local, Docker, etc
Detailed steps to reproduce the issue
Action taken
Expected result
Actual result
Screenshots or logs (if relevant)
Your environment details (OS, browser version, etc.)

Licenses

The repository is licensed under the MIT License, with the exception of the client, which is licensed under the GNU GPL v3.