PowerSTIG
3.0.0
1. Exceptions (overriding and auto-documenting)
2. Ignoring a single or entire class of rules (auto-documenting)
3. Organizational settings to address STIG rules t
1. Exceptions (overriding and auto-documenting)
2. Ignoring a single or entire class of rules (auto-documenting)
3. Organizational settings to address STIG rules that have allowable ranges.
This module is intended to be used by additional automation as a lightweight portable “database” to audit and enforce the parsed STIG data.
Minimum PowerShell version
5.1
Installation Options
Author(s)
Adam Haynes
Copyright
Copyright 2019
Package Details
Owners
Tags
DSC DesiredStateConfiguration STIG PowerStig
Functions
Get-DomainName Get-Stig New-StigCheckList
DSCResources
DotNetFramework FireFox IisServer IisSite InternetExplorer Office OracleJRE SqlServer WindowsClient WindowsDnsServer WindowsFirewall WindowsServer
Dependencies
-
- AccessControlDsc (= 1.3.0)
- AuditPolicyDsc (= 1.2.0)
- FileContentDsc (= 1.1.0.108)
- PolicyFileEditor (= 3.0.1)
- SecurityPolicyDsc (= 2.4.0)
- SqlServerDsc (= 12.1.0)
- WindowsDefenderDsc (= 1.0.0)
- xDnsServer (= 1.11.0)
- xPSDesiredStateConfiguration (= 8.3.0)
- xWebAdministration (= 2.5.0)
- xWinEventLog (= 1.2.0)
Release Notes
NEW
* Introduces class support for each rule type
* The STIG class now contains an array of rule objects vs xml elements
* Orgsettings, Exceptions, and Rule skips are all supported by the Rule base class
* Rule help is provided for any loaded rule.
* See the [wiki](https://github.com/Microsoft/PowerStig/wiki/GettingRuleHelp) for more information.
* Major code refactor to simplify maintenance and usage
* [Breaking Change] The STIG class constructor no longer accepts Orgsettings, Exceptions, or Rule skips
* That functionality has move to the load rule method
* DSC composite resource parameter validation for version numbers has been removed
* The STIG class validates all input and will throw an error if invalid data is provided.
* The Get-StigList has be updated and renamed to Get-Stig to return the STIG class
UPDATES
* Fixed [#241](https://github.com/Microsoft/PowerStig/issues/241): [WindowsFeatureRule] PsDesiredStateConfiguration\WindowsOptionalFeature doesn't properly handle features that return $null
* Fixed [#258](https://github.com/Microsoft/PowerStig/issues/258): New-StigChecklist will not accept a path without an explicit filename
* Fixed [#243](https://github.com/Microsoft/PowerStig/issues/243): [V-46515] Windows-All-IE11-1.15 Rawstring typo
* Fixed [#289](https://github.com/Microsoft/PowerStig/issues/289): Updated DocumentRule and DocumentRuleConvert Classes to parse correctly.
* Fixed [#284](https://github.com/Microsoft/PowerStig/issues/284): [V-74415] [V-74413] Windows 10 STIG rule V-74415 and V-74413 should not contain white space in key
* Fixed [290](https://github.com/Microsoft/PowerStig/issues/290): [V-76731] IIS Server STIG V-76731 fails to properly set STIG guidance because rule is not split.
* Fixed [314](https://github.com/Microsoft/PowerStig/issues/314): Update PowerSTIG to Utilize LogTargetW3C parameter in xWebAdministration 2.5.0.0.
* Fixed [334](https://github.com/Microsoft/PowerStig/issues/334): Update PowerStig to utilize AccessControlDsc 1.3.0.0
* Fixed [331](https://github.com/Microsoft/PowerStig/issues/331): 2012/R2 [V-39325] 2016 [V-73373], [V-73389] PermissionRule.Convert CheckContent Match Parser Update
* Fixed [320](https://github.com/Microsoft/PowerStig/issues/320): IIS Site STIG doesn't correctly convert STIGS that contain "SSL Settings" in raw string
* Added the following STIGs
* IIS Site 8.5 V1R6 [#276](https://github.com/Microsoft/PowerStig/issues/276)
* Windows Firewall STIG V1R7 [#319](https://github.com/Microsoft/PowerStig/issues/319)
* Removed the following STIGs
* Windows Server 2012 R2 DC 2.12
* Windows Server 2012 R2 DSN 1.7
* Active Directory Domain 2.9
* IIS Server 8.5 1.3
* IIS Site 8.5 1.2
* Removed: Internet Explorer 1.13
FileList
- PowerStig.nuspec
- PowerStig.psd1
- PowerStig.psm1
- README.md
- LICENSE
- DSCResources\ActiveDirectory.md
- DSCResources\helper.psm1
- DSCResources\WindowsDefender.md
- DSCResources\DotNetFramework\DotNetFramework.psd1
- DSCResources\DotNetFramework\DotNetFramework.schema.psm1
- DSCResources\FireFox\FireFox.psd1
- DSCResources\FireFox\FireFox.schema.psm1
- DSCResources\IisServer\IisServer.psd1
- DSCResources\IisServer\IisServer.schema.psm1
- DSCResources\IisSite\IisSite.psd1
- DSCResources\IisSite\IisSite.schema.psm1
- DSCResources\InternetExplorer\InternetExplorer.psd1
- DSCResources\InternetExplorer\InternetExplorer.schema.psm1
- DSCResources\Office\Office.psd1
- DSCResources\Office\Office.schema.psm1
- DSCResources\OracleJRE\OracleJRE.psd1
- DSCResources\OracleJRE\OracleJRE.schema.psm1
- DSCResources\Resources\firefox.ReplaceText.ps1
- DSCResources\Resources\oraclejre.KeyValuePairFile.ps1
- DSCResources\Resources\readme.md
- DSCResources\Resources\SqlServer.ScriptQuery.ps1
- DSCResources\Resources\windows.AccessControl.ps1
- DSCResources\Resources\windows.AccountPolicy.ps1
- DSCResources\Resources\windows.AuditPolicySubcategory.ps1
- DSCResources\Resources\windows.cAdministrativeTemplateSetting.ps1
- DSCResources\Resources\windows.ProcessMitigation.ps1
- DSCResources\Resources\windows.Script.RootHint.ps1
- DSCResources\Resources\windows.Script.skip.ps1
- DSCResources\Resources\windows.Script.wmi.ps1
- DSCResources\Resources\windows.SecurityOption.ps1
- DSCResources\Resources\windows.UserRightsAssignment.ps1
- DSCResources\Resources\windows.xDnsServerSetting.ps1
- DSCResources\Resources\windows.xIisLogging.ps1
- DSCResources\Resources\windows.xIisMimeTypeMapping.ps1
- DSCResources\Resources\windows.xRegistry.ps1
- DSCResources\Resources\windows.xService.ps1
- DSCResources\Resources\windows.xSslSettings.ps1
- DSCResources\Resources\windows.xWebAppPool.ps1
- DSCResources\Resources\windows.xWebConfigProperty.ps1
- DSCResources\Resources\windows.xWebSite.ps1
- DSCResources\Resources\windows.xWindowsFeature.ps1
- DSCResources\Resources\windows.xWindowsOptionalFeature.ps1
- DSCResources\Resources\windows.xWinEventLog.ps1
- DSCResources\SqlServer\SqlServer.psd1
- DSCResources\SqlServer\SqlServer.schema.psm1
- DSCResources\WindowsClient\WindowsClient.psd1
- DSCResources\WindowsClient\WindowsClient.schema.psm1
- DSCResources\WindowsDnsServer\WindowsDnsServer.psd1
- DSCResources\WindowsDnsServer\WindowsDnsServer.schema.psm1
- DSCResources\WindowsFirewall\WindowsFirewall.psd1
- DSCResources\WindowsFirewall\WindowsFirewall.schema.psm1
- DSCResources\WindowsServer\WindowsServer.psd1
- DSCResources\WindowsServer\WindowsServer.schema.psm1
- StigData\Processed\ActiveDirectory-All-Domain-2.10.org.default.xml
- StigData\Processed\ActiveDirectory-All-Domain-2.10.xml
- StigData\Processed\ActiveDirectory-All-Domain-2.11.org.default.xml
- StigData\Processed\ActiveDirectory-All-Domain-2.11.xml
- StigData\Processed\ActiveDirectory-All-Domain-2.12.org.default.xml
- StigData\Processed\ActiveDirectory-All-Domain-2.12.xml
- StigData\Processed\ActiveDirectory-All-Forest-2.7.org.default.xml
- StigData\Processed\ActiveDirectory-All-Forest-2.7.xml
- StigData\Processed\ActiveDirectory-All-Forest-2.8.org.default.xml
- StigData\Processed\ActiveDirectory-All-Forest-2.8.xml
- StigData\Processed\DotNetFramework-4-1.4.org.default.xml
- StigData\Processed\DotNetFramework-4-1.4.xml
- StigData\Processed\DotNetFramework-4-1.6.org.default.xml
- StigData\Processed\DotNetFramework-4-1.6.xml
- StigData\Processed\FireFox-All-4.21.org.default.xml
- StigData\Processed\FireFox-All-4.21.xml
- StigData\Processed\FireFox-All-4.23.org.default.xml
- StigData\Processed\FireFox-All-4.23.xml
- StigData\Processed\FireFox-All-4.24.org.default.xml
- StigData\Processed\FireFox-All-4.24.xml
- StigData\Processed\IIS-8-5-Site-1.5.xml
- StigData\Processed\IIS-8-5-Site-1.6.xml
- StigData\Processed\IISServer-8.5-1.5.org.default.xml
- StigData\Processed\IISServer-8.5-1.5.xml
- StigData\Processed\IISServer-8.5-1.6.org.default.xml
- StigData\Processed\IISServer-8.5-1.6.xml
- StigData\Processed\IISSite-8.5-1.5.org.default.xml
- StigData\Processed\IISSite-8.5-1.5.xml
- StigData\Processed\IISSite-8.5-1.6.org.default.xml
- StigData\Processed\IISSite-8.5-1.6.xml
- StigData\Processed\InternetExplorer-11-1.15.org.default.xml
- StigData\Processed\InternetExplorer-11-1.15.xml
- StigData\Processed\InternetExplorer-11-1.16.org.default.xml
- StigData\Processed\InternetExplorer-11-1.16.xml
- StigData\Processed\Office-Excel2013-1.7.org.default.xml
- StigData\Processed\Office-Excel2013-1.7.xml
- StigData\Processed\Office-Outlook2013-1.12.org.default.xml
- StigData\Processed\Office-Outlook2013-1.12.xml
- StigData\Processed\Office-Outlook2013-1.13.org.default.xml
- StigData\Processed\Office-Outlook2013-1.13.xml
- StigData\Processed\Office-PowerPoint2013-1.6.org.default.xml
- StigData\Processed\Office-PowerPoint2013-1.6.xml
- StigData\Processed\Office-Word2013-1.6.org.default.xml
- StigData\Processed\Office-Word2013-1.6.xml
- StigData\Processed\OracleJRE-8-1.5.org.default.xml
- StigData\Processed\OracleJRE-8-1.5.xml
- StigData\Processed\SqlServer-2012-Database-1.17.org.default.xml
- StigData\Processed\SqlServer-2012-Database-1.17.xml
- StigData\Processed\SqlServer-2012-Database-1.18.org.default.xml
- StigData\Processed\SqlServer-2012-Database-1.18.xml
- StigData\Processed\SqlServer-2012-Instance-1.15.org.default.xml
- StigData\Processed\SqlServer-2012-Instance-1.15.xml
- StigData\Processed\SqlServer-2012-Instance-1.16.org.default.xml
- StigData\Processed\SqlServer-2012-Instance-1.16.xml
- StigData\Processed\SqlServer-2012-Instance-1.17.org.default.xml
- StigData\Processed\SqlServer-2012-Instance-1.17.xml
- StigData\Processed\SqlServer-2016-Instance-1.3.org.default.xml
- StigData\Processed\SqlServer-2016-Instance-1.3.xml
- StigData\Processed\WindowsClient-10-1.14.org.default.xml
- StigData\Processed\WindowsClient-10-1.14.xml
- StigData\Processed\WindowsClient-10-1.15.org.default.xml
- StigData\Processed\WindowsClient-10-1.15.xml
- StigData\Processed\WindowsClient-10-1.16.org.default.xml
- StigData\Processed\WindowsClient-10-1.16.xml
- StigData\Processed\WindowsDefender-All-1.4.org.default.xml
- StigData\Processed\WindowsDefender-All-1.4.xml
- StigData\Processed\WindowsFirewall-All-1.6.org.default.xml
- StigData\Processed\WindowsFirewall-All-1.6.xml
- StigData\Processed\WindowsFirewall-All-1.7.org.default.xml
- StigData\Processed\WindowsFirewall-All-1.7.xml
- StigData\Processed\WindowsServer-2012R2-DC-2.13.org.default.xml
- StigData\Processed\WindowsServer-2012R2-DC-2.13.xml
- StigData\Processed\WindowsServer-2012R2-DC-2.14.org.default.xml
- StigData\Processed\WindowsServer-2012R2-DC-2.14.xml
- StigData\Processed\WindowsServer-2012R2-DC-2.15.org.default.xml
- StigData\Processed\WindowsServer-2012R2-DC-2.15.xml
- StigData\Processed\WindowsServer-2012R2-DNS-1.10.org.default.xml
- StigData\Processed\WindowsServer-2012R2-DNS-1.10.xml
- StigData\Processed\WindowsServer-2012R2-DNS-1.11.org.default.xml
- StigData\Processed\WindowsServer-2012R2-DNS-1.11.xml
- StigData\Processed\WindowsServer-2012R2-DNS-1.9.org.default.xml
- StigData\Processed\WindowsServer-2012R2-DNS-1.9.xml
- StigData\Processed\WindowsServer-2012R2-MS-2.12.org.default.xml
- StigData\Processed\WindowsServer-2012R2-MS-2.12.xml
- StigData\Processed\WindowsServer-2012R2-MS-2.13.org.default.xml
- StigData\Processed\WindowsServer-2012R2-MS-2.13.xml
- StigData\Processed\WindowsServer-2012R2-MS-2.14.org.default.xml
- StigData\Processed\WindowsServer-2012R2-MS-2.14.xml
- StigData\Processed\WindowsServer-2016-DC-1.6.org.default.xml
- StigData\Processed\WindowsServer-2016-DC-1.6.xml
- StigData\Processed\WindowsServer-2016-DC-1.7.org.default.xml
- StigData\Processed\WindowsServer-2016-DC-1.7.xml
- StigData\Processed\WindowsServer-2016-MS-1.6.org.default.xml
- StigData\Processed\WindowsServer-2016-MS-1.6.xml
- StigData\Processed\WindowsServer-2016-MS-1.7.org.default.xml
- StigData\Processed\WindowsServer-2016-MS-1.7.xml
- Module\Common\Common.psm1
- Module\Rule\Rule.LoadFactory.psm1
- Module\Rule\Rule.psm1
- Module\Rule.AccountPolicy\AccountPolicyRule.psm1
- Module\Rule.AuditPolicy\AuditPolicyRule.psm1
- Module\Rule.DnsServerRootHint\DnsServerRootHintRule.psm1
- Module\Rule.DnsServerSetting\DnsServerSettingRule.psm1
- Module\Rule.Document\DocumentRule.psm1
- Module\Rule.FileContent\FileContentRule.psm1
- Module\Rule.Group\GroupRule.psm1
- Module\Rule.IISLogging\IISLoggingRule.psm1
- Module\Rule.Manual\ManualRule.psm1
- Module\Rule.MimeType\MimeTypeRule.psm1
- Module\Rule.Permission\PermissionRule.psm1
- Module\Rule.ProcessMitigation\ProcessMitigationRule.psm1
- Module\Rule.Registry\RegistryRule.psm1
- Module\Rule.SecurityOption\SecurityOptionRule.psm1
- Module\Rule.Service\ServiceRule.psm1
- Module\Rule.Skip\Skip.psm1
- Module\Rule.SqlScriptQuery\SqlScriptQueryRule.psm1
- Module\Rule.SslSettings\SslSettingsRule.psm1
- Module\Rule.UserRight\UserRightRule.psm1
- Module\Rule.WebAppPool\WebAppPoolRule.psm1
- Module\Rule.WebConfigurationProperty\WebConfigurationPropertyRule.psm1
- Module\Rule.WindowsFeature\WindowsFeatureRule.psm1
- Module\Rule.WinEventLog\WinEventLogRule.psm1
- Module\Rule.Wmi\WmiRule.psm1
- Module\STIG\Functions.Checklist.ps1
- Module\STIG\Functions.DomainName.ps1
- Module\STIG\STIG.psm1
Version History
Version | Downloads | Last updated |
---|---|---|
4.12.1 | 651 | 3/23/2022 |
4.12.0 | 49 | 3/18/2022 |
4.11.0 | 1,844 | 12/13/2021 |
4.10.1 | 4,035 | 8/31/2021 |
4.10.0 | 203 | 8/20/2021 |
4.9.1 | 2,047 | 6/3/2021 |
4.9.0 | 234 | 6/1/2021 |
4.8.0 | 2,549 | 3/1/2021 |
4.7.1 | 664 | 1/22/2021 |
4.7.0 | 556 | 12/17/2020 |
4.6.0 | 406 | 12/1/2020 |
4.5.1 | 877 | 10/12/2020 |
4.5.0 | 392 | 9/1/2020 |
4.4.2 | 1,180 | 7/7/2020 |
4.3.0 | 1,705 | 3/27/2020 |
4.2.0 | 1,276 | 12/20/2019 |
4.1.1 | 613 | 10/31/2019 |
4.0.0 | 680 | 9/20/2019 |
3.3.0 | 539 | 8/12/2019 |
3.2.0 | 940 | 5/25/2019 |
3.1.0 | 905 | 4/1/2019 |
3.0.1 | 176 | 3/12/2019 |
3.0.0 (current version) | 111 | 3/1/2019 |
2.4.0.0 | 3,165 | 2/7/2019 |
2.3.2.0 | 655 | 12/18/2018 |
2.3.1.0 | 210 | 12/7/2018 |
2.3.0.0 | 46 | 11/30/2018 |
2.2.0.0 | 890 | 10/10/2018 |
2.1.0.0 | 1,457 | 9/5/2018 |
2.0.0.0 | 2,700 | 8/17/2018 |
1.1.1.0 | 606 | 8/13/2018 |
1.1.0.0 | 609 | 7/29/2018 |
1.0.0.0 | 1,461 | 5/31/2018 |
0.9.3.0 | 517 | 1/8/2018 |
0.9.2.8 | 64 | 12/7/2017 |
0.9.2.7 | 79 | 11/3/2017 |