StigRepo

1.4.2

The Stig-Repo module leverages PowerSTIG and Desired State Configuration to build and drive the STIG Compliance Automation Repository (SCAR) - an automated Infrastructure as Code framework for Security Technical Implementation Guide (STIG) Compliance.

SCAR accelerates Azure readiness and ATO/CCRI processes through automated STIG compliance and digital transformatio
The Stig-Repo module leverages PowerSTIG and Desired State Configuration to build and drive the STIG Compliance Automation Repository (SCAR) - an automated Infrastructure as Code framework for Security Technical Implementation Guide (STIG) Compliance.

SCAR accelerates Azure readiness and ATO/CCRI processes through automated STIG compliance and digital transformation by establishing an infrastructure as code platform that organizations can customize build on top of to quickly establish and deploy Azure baselines.

Primary Capabilities:

1. Initialize-StigRepo: Builds the STIG Compliance Automation Repository and installs dependencies on the local system
2. New-SystemData: Scans the Active Directory Environment for targetted systems, determines applicable STIGs, and generates DSC configuration data
3. Start-DscBuild: Generates DSC Configuration scripts and MOF files for all DSC Nodes
4. Sync-DscModules: Syncs DSC module dependencies across all DSC Nodes
5. Set-WinRMConfig: Expands MaxEnvelopSize on all DSC nodes
6. Get-StigChecklists: Generates STIG Checklists for all applicable STIGs for each DSC Node
7. Update-StigRepo: Updates/downloads latest dependencies to SCAR Repo and upgrades STIG Data Files

Dependencies

1. Must be executed from an internet-connected system to install module dependencies
2. Must be executed from a system with the Active Directory module installed.
3. DSCSM Leverages PowerSTIG to drive the dynamic DSC configurations included withint he module (installed with Build-Repo or Update-ScarRepo)
4. Powershell Version 5.1 or greater

The STIG Compliance Automation Repository Structure
SCAR organizes the repository to deploy and document STIGs using the folders listed below:

1. Systems: Folders for each identified Organizational Unit in Active Directory and a Powershell Data file for each identified system.
2. Configurations: Dynamic PowerSTIG Configurations for that are customized by paremeters provided within system data files.
3. Artifacts: Consumable items produced by SCAR. SCAR produces DSCConfigs, MOFS, and STIG Checklists out of the box.
4. Resources: Dependendencies leveraged by SCAR to generate SystemData and Artifacts. SCAR has Modules, Stig Data, and Wiki resources out of the box.

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name StigRepo -RequiredVersion 1.4.2

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Author(s)

Microsoft Corporation

Copyright

Copyright (c) Microsoft Corporation. All rights reserved.

Owners

Tags

DSC DesiredStateConfiguration STIG PowerStig StigRepo

Functions

Initialize-StigRepo Compress-StigRepoArtifacts Get-ManualCheckFileFromXccdf Get-StigChecklists Import-DscModules New-AzSystemData New-SystemData Publish-AzAutomationModules Publish-RepoToBlob Publish-SCARArtifacts Remove-ScarData Set-WinRMConfig Start-DscBuild Sync-DscModules Update-StigRepo Get-ApplicableStigs Import-AzDscConfigurations Register-AzAutomationNodes Export-AzDscConfigurations Remove-StigRepoData Get-StigChecklist Get-StigFiles Get-CombinedConfigs Export-DynamicConfigs Export-Mofs

Dependencies

This module has no dependencies.

Release Notes

[Issue #13]("https://github.com/microsoft/StigRepo/issues/13") New-SystemData localhost switch fails to generate system data properly
       [Issue #14]("https://github.com/microsoft/StigRepo/issues/14") New-SystemData ComputerName switch generated system data for all systems in the ComputerName OU
       [Issue #18]("https://github.com/microsoft/StigRepo/issues/18") Incorporated file location check/prompt for Initialize StigRepo
       [Issue #17]("https://github.com/microsoft/StigRepo/issues/17") Start-DscBuild causing PoSH to crash if no systemdata is present
       [Issue #19]("https://github.com/microsoft/StigRepo/issues/19") New-SystemData fails to generate config data for systems if they are in an OU/CN at the root of AD
       [Issue #24]("https://github.com/microsoft/StigRepo/issues/24") Reduced New-SystemData job status checks from 30 to 15 seconds
       [Issue #25]("https://github.com/microsoft/StigRepo/issues/25") IIS Minor Version not included in when running New-System data in PoSH 7

Version History

Version Downloads Last updated
1.5 143 11/10/2021
1.4.2 (current version) 170 8/24/2021
1.3 120 6/16/2021
1.2 62 6/7/2021