PowerSTIG
4.0.0
1. Exceptions (overriding and auto-documenting)
2. Ignoring a single or entire class of rules (auto-documenting)
3. Organizational settings to address STIG rules t
1. Exceptions (overriding and auto-documenting)
2. Ignoring a single or entire class of rules (auto-documenting)
3. Organizational settings to address STIG rules that have allowable ranges.
This module is intended to be used by additional automation as a lightweight portable “database” to audit and enforce the parsed STIG data.
Minimum PowerShell version
5.1
Installation Options
Owners
Copyright
Copyright 2019
Package Details
Author(s)
- Microsoft Corporation
Tags
DSC DesiredStateConfiguration STIG PowerStig
Functions
Get-DomainName Get-Stig New-StigCheckList
DSCResources
DotNetFramework FireFox IisServer IisSite InternetExplorer Office OracleJRE SqlServer WindowsClient WindowsDefender WindowsDnsServer WindowsFirewall WindowsServer
Dependencies
-
- AccessControlDsc (= 1.4.0)
- AuditPolicyDsc (= 1.2.0)
- AuditSystemDsc (= 1.1.0)
- ComputerManagementDsc (= 6.2.0)
- FileContentDsc (= 1.1.0.108)
- GPRegistryPolicyDsc (= 1.0.0)
- PSDscResources (= 2.10.0)
- SecurityPolicyDsc (= 2.4.0)
- SqlServerDsc (= 12.1.0)
- WindowsDefenderDsc (= 1.0.0)
- xDnsServer (= 1.11.0)
- xWebAdministration (= 2.5.0)
Release Notes
* Update PowerSTIG parsing for Windows Sever 2016 STIG - Ver 1, Rel 9 [#498] (https://github.com/microsoft/PowerStig/issues/498)
* Fixed [#507](https://github.com/microsoft/PowerStig/issues/507): Get-HardCodedRuleLogFileEntry Errors on RegistryRule
* Update PowerSTIG to leverage the GPRegistryPolicyDsc resource for Local Group Policy automation: [#497](https://github.com/microsoft/PowerStig/issues/497)
* Update PowerSTIG to enable the logfile framework to consume a hashtable for HardCodedRule: [#494](https://github.com/microsoft/PowerStig/issues/494)
* Update PowerSTIG to pass OrgSettings in via configuration hashtable: [#372](https://github.com/microsoft/PowerStig/issues/372)
* Update support for SQL Server 2012 Database STIG, Version 1, Release 19 [#482](https://github.com/microsoft/PowerStig/issues/482)
* Fixed [#478](https://github.com/microsoft/PowerStig/issues/478): SQL STIG Instance V-40936 Fails to apply
* Update PowerSTIG to automate applying the IIS 8.5 STIG, Version 1 Release 8. [#469](https://github.com/microsoft/PowerStig/issues/469)
* Fixed [#476](https://github.com/microsoft/PowerStig/issues/476): AuditSetting Rule for Windows STIGs has an incorrect operator when evaluating Service Pack information
* Added support for Dot Net Framework 4.0 STIG, Version 1, Release 8 [#447](https://github.com/microsoft/PowerStig/issues/447)
* Added support for Windows 10 STIG, Version 1, Release 17 & 18: [#466](https://github.com/microsoft/PowerStig/issues/466)
* Added support for Windows 2012 Server DNS STIG, Version 1, Release 12 [#464](https://github.com/microsoft/PowerStig/issues/464)
* Update PowerSTIG to automate applying the Windows Server 2012R2 DC & MS STIG, Version 2, Release 17 & 16 respectively. [#456](https://github.com/microsoft/PowerStig/issues/456)
* Fixed [#444](https://github.com/microsoft/PowerStig/issues/444): Duplicate principals in Permission Rule (Registry)
* Updated logfile in 2012R2 DC STIG leveraging HardCodedRule to automate additional STIG rules. [#446](https://github.com/microsoft/PowerStig/issues/446)
* Updated logfile in 2012R2 MS STIG leveraging HardCodedRule to automate additional STIG rules. [#448](https://github.com/microsoft/PowerStig/issues/448)
* Declarative definition of a rule in the StigData log file to provide a standard way to populate unautomated rules [#435](https://github.com/microsoft/PowerStig/issues/435)
* Updated PowerSTIG to leverage AuditSetting instead of the Script resource. Additionally renamed WmiRule to AuditSettingRule [#431](https://github.com/Microsoft/PowerStig/issues/431)
* Fixed [#419](https://github.com/Microsoft/PowerStig/issues/419): PowerStig is creating resource xSSLSettings with the wrong value for Name.
* Added support for Windows Defender, Version 1, Release 5 [#393](https://github.com/microsoft/PowerStig/issues/393)
* Added support for Internet Explorer 11 Version 1, Release 17 [#422](https://github.com/Microsoft/PowerStig/issues/422)
* Added support for Server 2016 STIG, Version 1, Release 8 [#418](https://github.com/Microsoft/PowerStig/issues/418)
* Update PowerSTIG to enforce additional rules in the SQL Server 2012 STIG [#438](https://github.com/microsoft/PowerStig/issues/438)
* Added support for Windows Defender Antivirus STIG, Version 1, Release 6 [#462](https://github.com/Microsoft/PowerStig/issues/462)
* Added support for Firefox STIG v4r26 [#458](https://github.com/Microsoft/PowerStig/issues/458)
* Updated logfile in DotNet Framework STIG leveraging HardCodedRule to automate additional STIG rules. [#454](https://github.com/microsoft/PowerStig/issues/454)
* Fixed [#493](https://github.com/microsoft/PowerStig/issues/493): IIS 8/5 Server STIG rule V-76745 is referencing the incorrect IIS default path
* Fixed [#505](https://github.com/microsoft/PowerStig/issues/505): Missing reg key setting on V-76759 IIS Server 8.5 v1R7
FileList
- PowerSTIG.nuspec
- PowerStig.psd1
- PowerStig.psm1
- README.md
- LICENSE
- DSCResources\ActiveDirectory.md
- DSCResources\helper.psm1
- DSCResources\DotNetFramework\DotNetFramework.psd1
- DSCResources\DotNetFramework\DotNetFramework.schema.psm1
- DSCResources\FireFox\FireFox.psd1
- DSCResources\FireFox\FireFox.schema.psm1
- DSCResources\IisServer\IisServer.psd1
- DSCResources\IisServer\IisServer.schema.psm1
- DSCResources\IisSite\IisSite.psd1
- DSCResources\IisSite\IisSite.schema.psm1
- DSCResources\InternetExplorer\InternetExplorer.psd1
- DSCResources\InternetExplorer\InternetExplorer.schema.psm1
- DSCResources\Office\Office.psd1
- DSCResources\Office\Office.schema.psm1
- DSCResources\OracleJRE\OracleJRE.psd1
- DSCResources\OracleJRE\OracleJRE.schema.psm1
- DSCResources\Resources\firefox.ReplaceText.ps1
- DSCResources\Resources\oraclejre.KeyValuePairFile.ps1
- DSCResources\Resources\readme.md
- DSCResources\Resources\SqlServer.ScriptQuery.ps1
- DSCResources\Resources\windows.AccessControl.ps1
- DSCResources\Resources\windows.AccountPolicy.ps1
- DSCResources\Resources\windows.AuditPolicySubcategory.ps1
- DSCResources\Resources\windows.AuditSetting.ps1
- DSCResources\Resources\windows.ProcessMitigation.ps1
- DSCResources\Resources\windows.RefreshRegistryPolicy.ps1
- DSCResources\Resources\windows.Registry.ps1
- DSCResources\Resources\windows.Script.RootHint.ps1
- DSCResources\Resources\windows.Script.skip.ps1
- DSCResources\Resources\windows.SecurityOption.ps1
- DSCResources\Resources\windows.Service.ps1
- DSCResources\Resources\windows.UserRightsAssignment.ps1
- DSCResources\Resources\windows.WindowsEventLog.ps1
- DSCResources\Resources\windows.WindowsFeature.ps1
- DSCResources\Resources\windows.WindowsOptionalFeature.ps1
- DSCResources\Resources\windows.xDnsServerSetting.ps1
- DSCResources\Resources\windows.xIisLogging.ps1
- DSCResources\Resources\windows.xIisMimeTypeMapping.ps1
- DSCResources\Resources\windows.xSslSettings.ps1
- DSCResources\Resources\windows.xWebAppPool.ps1
- DSCResources\Resources\windows.xWebConfigProperty.ps1
- DSCResources\Resources\windows.xWebSite.ps1
- DSCResources\SqlServer\SqlServer.psd1
- DSCResources\SqlServer\SqlServer.schema.psm1
- DSCResources\WindowsClient\WindowsClient.psd1
- DSCResources\WindowsClient\WindowsClient.schema.psm1
- DSCResources\WindowsDefender\WindowsDefender.psd1
- DSCResources\WindowsDefender\WindowsDefender.schema.psm1
- DSCResources\WindowsDnsServer\WindowsDnsServer.psd1
- DSCResources\WindowsDnsServer\WindowsDnsServer.schema.psm1
- DSCResources\WindowsFirewall\WindowsFirewall.psd1
- DSCResources\WindowsFirewall\WindowsFirewall.schema.psm1
- DSCResources\WindowsServer\WindowsServer.psd1
- DSCResources\WindowsServer\WindowsServer.schema.psm1
- StigData\Processed\ActiveDirectory-All-Domain-2.11.org.default.xml
- StigData\Processed\ActiveDirectory-All-Domain-2.11.xml
- StigData\Processed\ActiveDirectory-All-Domain-2.12.org.default.xml
- StigData\Processed\ActiveDirectory-All-Domain-2.12.xml
- StigData\Processed\ActiveDirectory-All-Forest-2.7.org.default.xml
- StigData\Processed\ActiveDirectory-All-Forest-2.7.xml
- StigData\Processed\ActiveDirectory-All-Forest-2.8.org.default.xml
- StigData\Processed\ActiveDirectory-All-Forest-2.8.xml
- StigData\Processed\DotNetFramework-4-1.7.org.default.xml
- StigData\Processed\DotNetFramework-4-1.7.xml
- StigData\Processed\DotNetFramework-4-1.8.org.default.xml
- StigData\Processed\DotNetFramework-4-1.8.xml
- StigData\Processed\FireFox-All-4.25.org.default.xml
- StigData\Processed\FireFox-All-4.25.xml
- StigData\Processed\FireFox-All-4.26.org.default.xml
- StigData\Processed\FireFox-All-4.26.xml
- StigData\Processed\IISServer-8.5-1.6.org.default.xml
- StigData\Processed\IISServer-8.5-1.6.xml
- StigData\Processed\IISServer-8.5-1.7.org.default.xml
- StigData\Processed\IISServer-8.5-1.7.xml
- StigData\Processed\IISSite-8.5-1.7.org.default.xml
- StigData\Processed\IISSite-8.5-1.7.xml
- StigData\Processed\IISSite-8.5-1.8.org.default.xml
- StigData\Processed\IISSite-8.5-1.8.xml
- StigData\Processed\InternetExplorer-11-1.16.org.default.xml
- StigData\Processed\InternetExplorer-11-1.16.xml
- StigData\Processed\InternetExplorer-11-1.17.org.default.xml
- StigData\Processed\InternetExplorer-11-1.17.xml
- StigData\Processed\Office-Excel2013-1.7.org.default.xml
- StigData\Processed\Office-Excel2013-1.7.xml
- StigData\Processed\Office-Excel2016-1.2.org.default.xml
- StigData\Processed\Office-Excel2016-1.2.xml
- StigData\Processed\Office-Outlook2013-1.12.org.default.xml
- StigData\Processed\Office-Outlook2013-1.12.xml
- StigData\Processed\Office-Outlook2013-1.13.org.default.xml
- StigData\Processed\Office-Outlook2013-1.13.xml
- StigData\Processed\Office-Outlook2016-1.2.org.default.xml
- StigData\Processed\Office-Outlook2016-1.2.xml
- StigData\Processed\Office-PowerPoint2013-1.6.org.default.xml
- StigData\Processed\Office-PowerPoint2013-1.6.xml
- StigData\Processed\Office-PowerPoint2016-1.1.org.default.xml
- StigData\Processed\Office-PowerPoint2016-1.1.xml
- StigData\Processed\Office-Word2013-1.6.org.default.xml
- StigData\Processed\Office-Word2013-1.6.xml
- StigData\Processed\Office-Word2016-1.1.org.default.xml
- StigData\Processed\Office-Word2016-1.1.xml
- StigData\Processed\OracleJRE-8-1.5.org.default.xml
- StigData\Processed\OracleJRE-8-1.5.xml
- StigData\Processed\SqlServer-2012-Database-1.18.org.default.xml
- StigData\Processed\SqlServer-2012-Database-1.18.xml
- StigData\Processed\SqlServer-2012-Database-1.19.org.default.xml
- StigData\Processed\SqlServer-2012-Database-1.19.xml
- StigData\Processed\SqlServer-2012-Instance-1.17.org.default.xml
- StigData\Processed\SqlServer-2012-Instance-1.17.xml
- StigData\Processed\SqlServer-2012-Instance-1.19.org.default.xml
- StigData\Processed\SqlServer-2012-Instance-1.19.xml
- StigData\Processed\SqlServer-2016-Instance-1.3.org.default.xml
- StigData\Processed\SqlServer-2016-Instance-1.3.xml
- StigData\Processed\WindowsClient-10-1.17.org.default.xml
- StigData\Processed\WindowsClient-10-1.17.xml
- StigData\Processed\WindowsClient-10-1.18.org.default.xml
- StigData\Processed\WindowsClient-10-1.18.xml
- StigData\Processed\WindowsDefender-All-1.5.org.default.xml
- StigData\Processed\WindowsDefender-All-1.5.xml
- StigData\Processed\WindowsDefender-All-1.6.org.default.xml
- StigData\Processed\WindowsDefender-All-1.6.xml
- StigData\Processed\WindowsDnsServer-2012R2-1.11.org.default.xml
- StigData\Processed\WindowsDnsServer-2012R2-1.11.xml
- StigData\Processed\WindowsDnsServer-2012R2-1.12.org.default.xml
- StigData\Processed\WindowsDnsServer-2012R2-1.12.xml
- StigData\Processed\WindowsFirewall-All-1.6.org.default.xml
- StigData\Processed\WindowsFirewall-All-1.6.xml
- StigData\Processed\WindowsFirewall-All-1.7.org.default.xml
- StigData\Processed\WindowsFirewall-All-1.7.xml
- StigData\Processed\WindowsServer-2012R2-DC-2.16.org.default.xml
- StigData\Processed\WindowsServer-2012R2-DC-2.16.xml
- StigData\Processed\WindowsServer-2012R2-DC-2.17.org.default.xml
- StigData\Processed\WindowsServer-2012R2-DC-2.17.xml
- StigData\Processed\WindowsServer-2012R2-MS-2.15.org.default.xml
- StigData\Processed\WindowsServer-2012R2-MS-2.15.xml
- StigData\Processed\WindowsServer-2012R2-MS-2.16.org.default.xml
- StigData\Processed\WindowsServer-2012R2-MS-2.16.xml
- StigData\Processed\WindowsServer-2016-DC-1.8.org.default.xml
- StigData\Processed\WindowsServer-2016-DC-1.8.xml
- StigData\Processed\WindowsServer-2016-DC-1.9.org.default.xml
- StigData\Processed\WindowsServer-2016-DC-1.9.xml
- StigData\Processed\WindowsServer-2016-MS-1.8.org.default.xml
- StigData\Processed\WindowsServer-2016-MS-1.8.xml
- StigData\Processed\WindowsServer-2016-MS-1.9.org.default.xml
- StigData\Processed\WindowsServer-2016-MS-1.9.xml
- Module\Common\Common.psm1
- Module\Common\Functions.Helper.ps1
- Module\Rule\Rule.LoadFactory.psm1
- Module\Rule\Rule.psm1
- Module\Rule.AccountPolicy\AccountPolicyRule.psm1
- Module\Rule.AuditPolicy\AuditPolicyRule.psm1
- Module\Rule.AuditSetting\AuditSettingRule.psm1
- Module\Rule.DnsServerRootHint\DnsServerRootHintRule.psm1
- Module\Rule.DnsServerSetting\DnsServerSettingRule.psm1
- Module\Rule.Document\DocumentRule.psm1
- Module\Rule.FileContent\FileContentRule.psm1
- Module\Rule.Group\GroupRule.psm1
- Module\Rule.IISLogging\IISLoggingRule.psm1
- Module\Rule.Manual\ManualRule.psm1
- Module\Rule.MimeType\MimeTypeRule.psm1
- Module\Rule.Permission\PermissionRule.psm1
- Module\Rule.ProcessMitigation\ProcessMitigationRule.psm1
- Module\Rule.Registry\RegistryRule.psm1
- Module\Rule.SecurityOption\SecurityOptionRule.psm1
- Module\Rule.Service\ServiceRule.psm1
- Module\Rule.Skip\Skip.psm1
- Module\Rule.SqlScriptQuery\SqlScriptQueryRule.psm1
- Module\Rule.SslSettings\SslSettingsRule.psm1
- Module\Rule.UserRight\UserRightRule.psm1
- Module\Rule.WebAppPool\WebAppPoolRule.psm1
- Module\Rule.WebConfigurationProperty\WebConfigurationPropertyRule.psm1
- Module\Rule.WindowsFeature\WindowsFeatureRule.psm1
- Module\Rule.WinEventLog\WinEventLogRule.psm1
- Module\STIG\Functions.Checklist.ps1
- Module\STIG\Functions.DomainName.ps1
- Module\STIG\STIG.psm1
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 4.21.0 | 4,965 | 3/1/2024 |
| 4.20.0 | 2,959 | 1/12/2024 |
| 4.19.0 | 1,314 | 12/22/2023 |
| 4.18.0 | 3,428 | 9/5/2023 |
| 4.17.0 | 1,992 | 6/27/2023 |
| 4.16.0 | 3,333 | 3/16/2023 |
| 4.15.0 | 1,928 | 12/29/2022 |
| 4.14.0 | 2,856 | 9/14/2022 |
| 4.13.1 | 1,689 | 6/27/2022 |
| 4.13.0 | 219 | 6/16/2022 |
| 4.12.1 | 1,139 | 3/23/2022 |
| 4.12.0 | 69 | 3/18/2022 |
| 4.11.0 | 2,443 | 12/13/2021 |
| 4.10.1 | 4,610 | 8/31/2021 |
| 4.10.0 | 215 | 8/20/2021 |
| 4.9.1 | 3,256 | 6/3/2021 |
| 4.9.0 | 245 | 6/1/2021 |
| 4.8.0 | 2,560 | 3/1/2021 |
| 4.7.1 | 697 | 1/22/2021 |
| 4.7.0 | 565 | 12/17/2020 |
| 4.6.0 | 650 | 12/1/2020 |
| 4.5.1 | 892 | 10/12/2020 |
| 4.5.0 | 419 | 9/1/2020 |
| 4.4.2 | 1,190 | 7/7/2020 |
| 4.3.0 | 1,716 | 3/27/2020 |
| 4.2.0 | 1,293 | 12/20/2019 |
| 4.1.1 | 621 | 10/31/2019 |
| 4.0.0 (current version) | 692 | 9/20/2019 |
| 3.3.0 | 548 | 8/12/2019 |
| 3.2.0 | 949 | 5/25/2019 |
| 3.1.0 | 914 | 4/1/2019 |
| 3.0.1 | 185 | 3/12/2019 |
| 3.0.0 | 119 | 3/1/2019 |
| 2.4.0.0 | 3,423 | 2/7/2019 |
| 2.3.2.0 | 663 | 12/18/2018 |
| 2.3.1.0 | 219 | 12/7/2018 |
| 2.3.0.0 | 55 | 11/30/2018 |
| 2.2.0.0 | 910 | 10/10/2018 |
| 2.1.0.0 | 1,466 | 9/5/2018 |
| 2.0.0.0 | 2,710 | 8/17/2018 |
| 1.1.1.0 | 615 | 8/13/2018 |
| 1.1.0.0 | 618 | 7/29/2018 |
| 1.0.0.0 | 1,470 | 5/31/2018 |
| 0.9.3.0 | 526 | 1/8/2018 |
| 0.9.2.8 | 73 | 12/7/2017 |
| 0.9.2.7 | 88 | 11/3/2017 |