Tachyon Dynamics provides unparalleled consulting service for product manufactures to develop and author their own Defense Information Systems (DISA) Vendor Security Technical Implementation Guidance (STIG). DISA has a method for vendors to use source material like the DISA Security Requirements Guides (SRG) to publish STIGs that DoD sites will use to harden and configure their systems for internal site accreditation. That process is annotated here.
What we do
1. Provide a detailed and robust Gap Analysis for systems that have not participated in the DoDIN APL. If the hardware or software has never gone through rigorous DoD testing, Tachyon Dynamics provides an environment to asses vendors that will be required for STIG implementation.
2. Interface with the DISA Risk management element (RME) supervising STIG creation.
3. Extract all SRGs deemed applicable by DISA. These could include the General Purpose Operating System SRG, Network Device Management SRG, Application Core SRG, or numerous others depending upon the overall solution discovered during the Gap Analysis.
4. Develop repeatable and testable “check content” and “fix text.”
5. Submit completed and vendor-approved content to DISA.
6. Facilitate finalization, completion, and feedback inclusion with the vendor and DISA.
7. Provide maintenance updates to DISA as SRGs and vendor software changes.
Reach out and let us know how we can help you get your own DISA Vendor STIG!
