{"id":1907,"date":"2017-12-11T00:03:54","date_gmt":"2017-12-11T00:03:54","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=1907"},"modified":"2020-05-06T10:27:54","modified_gmt":"2020-05-06T17:27:54","slug":"disa-stig-compliance-for-the-enterprise-network-really","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/","title":{"rendered":"DISA STIG Compliance for the Enterprise Network\u2026Really?"},"content":{"rendered":"<p>When most enterprise network experts hear\u00a0<a href=\"https:\/\/iase.disa.mil\/stigs\/Pages\/index.aspx\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Defense Investigation Services Agency\u2019s (DISA) Security Technical Implementation Guide (STIG)<\/a>, the immediate reaction tends to be \u201cI\u2019m not part of the federal government or Department of Defense, so it doesn\u2019t impact me and has no value to me.\u201d\u00a0 While the first part is correct that DISA STIG requirements are generally imposed on government entities, the second part is incorrect because DISA STIG best practices can provide huge value to enterprises.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1894\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/feb-25.jpg\" alt=\"DISA STIG Compliance for the Enterprise Network\u2026Really?\" width=\"660\" height=\"454\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/feb-25.jpg 660w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/feb-25-300x206.jpg 300w\" sizes=\"auto, (max-width: 660px) 100vw, 660px\" \/><\/p>\n<p>While non-government organizations may not be forced to pass a DISA STIG audit, the majority have their own compliance standards or best practices they must follow.\u00a0 In the enterprise world, there are two broad types of requirements \u2013 external standards imposed on enterprises and internal best 
practices that are self-imposed.<\/p>\n<ul>\n<li>External standards imposed on enterprises \u2013 These are the most visible compliance standards because regulatory bodies place requirements on an organization based on certain criteria. Examples include standards like\u00a0<a href=\"https:\/\/www.pcisecuritystandards.org\/pci_security\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">PCI DSS<\/a>\u00a0for organizations accepting credit cards or industry-specific mandates like HIPAA for the healthcare industry and\u00a0<a href=\"http:\/\/www.nerc.com\/Pages\/default.aspx\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">NERC<\/a>\/<a href=\"https:\/\/www.ferc.gov\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">FERC<\/a>\u00a0for the utility industry.<\/li>\n<li>Internal best practices that are self-imposed \u2013 Regardless of mandatory external standards applied to an organization, most successful enterprises have evolved a set of internal best practices that help maintain a safe, secure, and reliable network. Custom rules or policies should be created to ensure that goal.<\/li>\n<\/ul>\n<h2 id=\"toc-hId--1333307120\"><strong><span style=\"font-size: large;\">Compliance \u2013 Love or Hate?<\/span><\/strong><\/h2>\n<p>In a playful way, I tend to group compliance mandates with personal healthcare traits.\u00a0 Should I exercise more?\u00a0 Track what I eat better? 
Schedule preventive doctor appointments?\u00a0 We all say yes, yes, and yes, but many of us don\u2019t do it well because we are too busy with other things and only think about it when we get sick.<\/p>\n<p>Compliance can be the same thing: we know we should be tracking and monitoring continuously.\u00a0 But do we?\u00a0 Typically it\u2019s something we put off because it\u2019s a tedious, manual process for most IT teams to implement \u2013 and we all are too busy already.\u00a0 As a result, we tend to ignore compliance measures until we can\u2019t \u2013 either when something breaks (or is broken into) or when an audit is required.<\/p>\n<h2 id=\"toc-hId--445803439\"><strong><span style=\"font-size: large;\">There is a Better Way<\/span><\/strong><\/h2>\n<p>While there are many nuances and details, there are three high-level processes that need to be followed for building and adhering to internal best practice policies and\/or external mandates:<\/p>\n<ul>\n<li>Build the definition of what policy must be followed by which device.<\/li>\n<li>Implement the policies and ensure the current state of each device is compliant.<\/li>\n<li>Continuously monitor any change over time and ensure the policy isn\u2019t violated.<\/li>\n<\/ul>\n<p>Defining policies can be extremely challenging because organizations need to think about many different requirements and goals across the enterprise.\u00a0 Too often, the IT team is too overworked with day-to-day requirements to set aside weeks or months to build detailed best practices and standards because there is often no clear starting point.<\/p>\n<p>For many standards, policies are not well defined.\u00a0 What does \u201ckeep a safe and secure network\u201d mean?\u00a0 How do I take that from a vision to something that can be implemented?\u00a0 Do I have the expertise in-house?\u00a0 Do I have budget to hire a consultant?\u00a0 I don\u2019t have an audit coming up, so should I just ignore it?<\/p>\n<h2 
id=\"toc-hId-441700242\"><strong><span style=\"font-size: large;\">Someone Else Already Did the Hard Work for You<\/span><\/strong><\/h2>\n<p>This is where DISA STIG can help an enterprise or non-government organization \u2013 the building of definitions and policies for devices.\u00a0 From a network infrastructure point of view, the DISA STIG standards have hundreds of category 1, 2, and 3 rules\/best practices for devices including:<\/p>\n<ul>\n<li>Firewall<\/li>\n<li>Infrastructure Layer 2 Switch<\/li>\n<li>Infrastructure Layer 3 Switch<\/li>\n<li>Infrastructure Router<\/li>\n<li>Network Devices<\/li>\n<li>Perimeter Layer 3 Switch<\/li>\n<li>Perimeter Router<\/li>\n<\/ul>\n<p>The DISA STIG standards highlight many things IT and networking teams should be looking for with regard to standards and best practices, so it\u2019s a great starting place for taking the first step of compliance \u2013 defining the individual policies for both internal and external mandates.\u00a0 Don\u2019t guess and build from scratch when you have a well-defined blueprint available that can be tweaked for your needs.<\/p>\n<p>When it comes to an audit, you\u2019ll be much more successful if you can say \u201cwe are using the DISA STIG policies and rules as our standards\u201d instead of \u201cwe\u2019re good, trust me.\u201d<\/p>\n<p><span style=\"font-size: large;\"><strong>It\u2019s a Start, but There is More<\/strong><\/span><\/p>\n<p>When it comes to step 2 (initial deployment of policies) and step 3 (continuous monitoring of policies), this is where an automated network change and configuration management solution can come in handy.\u00a0 This type of solution helps automate many of the manual tasks typically associated with compliance monitoring.<\/p>\n<p>If you\u2019re looking to improve and automate network compliance or best practice monitoring, there are several things you should look for in a solution:<\/p>\n<ul>\n<li>Built-in policies and standards for common mandates (e.g. 
DISA STIG, PCI DSS, NSA, etc.) with automated updates<\/li>\n<li>Ability to easily modify policies and\/or create new rules based on your individual requirements<\/li>\n<li>Discovery of devices, device types, and operating systems because rules likely vary across different attributes<\/li>\n<li>Templates to build policies based on needs (e.g. vendor, device type, application, internal\/external facing, etc.)<\/li>\n<li>Immediate comparison of current configuration against the rule<\/li>\n<li>Ongoing tracking of all configuration changes with the ability to compare new configurations to the rule templates<\/li>\n<li>Notification of rule violations with the ability to remediate immediately or on demand<\/li>\n<li>Reporting and documentation for both troubleshooting and auditing<\/li>\n<\/ul>\n<p>While starting and defining an internal best practice or deciphering an external mandate can be overwhelming at first, don\u2019t put your head in the sand and wait until there is a breach or an audit.\u00a0 There are steps you can take to make the process bite-sized and digestible.\u00a0 Leverage existing standards such as DISA STIG as a starting point and modify based on your requirements.\u00a0 Take advantage of automated network change and configuration management tools to eliminate the tedious, manual, repetitive processes.<\/p>\n<p>Setting up policies for tracking and monitoring best practices or mandates isn\u2019t binary or a flip of a switch.\u00a0 It\u2019s an evolutionary process where you build the standards, start tracking, monitor over time, and make continuous tweaks based on your individual needs.\u00a0 Take advantage of what others have built to make your job easier.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When most enterprise network experts hear\u00a0Defense Investigation Services Agency\u2019s (DISA) Security Technical Implementation Guide (STIG), the immediate reaction tends to be \u201cI\u2019m not part of the federal government or 
Department of Defense, so it doesn\u2019t impact me and has no value to me.\u201d\u00a0 While the first part is correct that DISA STIG requirements are generally [&hellip;]<\/p>\n","protected":false},"author":234,"featured_media":1894,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[3],"tags":[91],"class_list":{"0":"post-1907","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-community","8":"tag-nccm","9":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>DISA STIG Compliance for the Enterprise Network\u2026Really?<\/title>\n<meta name=\"description\" content=\"When most enterprise network experts hear Defense Investigation Services Agency\u2019s (DISA) Security Technical Implementation Guide (STIG), the immediate reaction tends to be \u201cI\u2019m not part of the federal government or Department of Defense, so it doesn\u2019t impact me and has no value to me.\u201d While the first part is correct that DISA STIG requirements are generally imposed on government entities, the second part is incorrect because DISA STIG best practices can provide huge value to enterprises.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" 
content=\"article\" \/>\n<meta property=\"og:title\" content=\"DISA STIG Compliance for the Enterprise Network\u2026Really?\" \/>\n<meta property=\"og:description\" content=\"When most enterprise network experts hear Defense Investigation Services Agency\u2019s (DISA) Security Technical Implementation Guide (STIG), the immediate reaction tends to be \u201cI\u2019m not part of the federal government or Department of Defense, so it doesn\u2019t impact me and has no value to me.\u201d While the first part is correct that DISA STIG requirements are generally imposed on government entities, the second part is incorrect because DISA STIG best practices can provide huge value to enterprises.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-12-11T00:03:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:27:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/feb-25.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Matt Gowarty\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Matt Gowarty\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/disa-stig-compliance-for-the-enterprise-network-really\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/disa-stig-compliance-for-the-enterprise-network-really\\\/\"},\"author\":{\"name\":\"Matt Gowarty\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/f9f718e29533bcf87b60d953419e7fe1\"},\"headline\":\"DISA STIG Compliance for the Enterprise Network\u2026Really?\",\"datePublished\":\"2017-12-11T00:03:54+00:00\",\"dateModified\":\"2020-05-06T17:27:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/disa-stig-compliance-for-the-enterprise-network-really\\\/\"},\"wordCount\":1050,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/disa-stig-compliance-for-the-enterprise-network-really\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/feb-25.jpg\",\"keywords\":[\"NCCM\"],\"articleSection\":[\"Community\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/disa-stig-compliance-for-the-enterprise-network-really\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/disa-stig-compliance-for-the-enterprise-network-really\\\/\",\"name\":\"DISA STIG Compliance for the Enterprise 
Network\u2026Really?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/disa-stig-compliance-for-the-enterprise-network-really\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/disa-stig-compliance-for-the-enterprise-network-really\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/feb-25.jpg\",\"datePublished\":\"2017-12-11T00:03:54+00:00\",\"dateModified\":\"2020-05-06T17:27:54+00:00\",\"description\":\"When most enterprise network experts hear Defense Investigation Services Agency\u2019s (DISA) Security Technical Implementation Guide (STIG), the immediate reaction tends to be \u201cI\u2019m not part of the federal government or Department of Defense, so it doesn\u2019t impact me and has no value to me.\u201d While the first part is correct that DISA STIG requirements are generally imposed on government entities, the second part is incorrect because DISA STIG best practices can provide huge value to enterprises.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/disa-stig-compliance-for-the-enterprise-network-really\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/disa-stig-compliance-for-the-enterprise-network-really\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/disa-stig-compliance-for-the-enterprise-network-really\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/feb-25.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/feb-25.jpg\",\"width\":660,\"height\":454,\"caption\":\"DISA STIG Compliance for the Enterprise 
Network\u2026Really?\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/disa-stig-compliance-for-the-enterprise-network-really\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Community\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/community\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"DISA STIG Compliance for the Enterprise Network\u2026Really?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/f9f718e29533bcf87b60d953419e7fe
1\",\"name\":\"Matt Gowarty\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/45bd30ddc4218d451bd643e8aecdfa6b860bc6699ea6119e097cb2237da5b658?s=96&d=blank&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/45bd30ddc4218d451bd643e8aecdfa6b860bc6699ea6119e097cb2237da5b658?s=96&d=blank&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/45bd30ddc4218d451bd643e8aecdfa6b860bc6699ea6119e097cb2237da5b658?s=96&d=blank&r=g\",\"caption\":\"Matt Gowarty\"},\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/matt-gowarty\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"DISA STIG Compliance for the Enterprise Network\u2026Really?","description":"When most enterprise network experts hear Defense Investigation Services Agency\u2019s (DISA) Security Technical Implementation Guide (STIG), the immediate reaction tends to be \u201cI\u2019m not part of the federal government or Department of Defense, so it doesn\u2019t impact me and has no value to me.\u201d While the first part is correct that DISA STIG requirements are generally imposed on government entities, the second part is incorrect because DISA STIG best practices can provide huge value to enterprises.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/","og_locale":"en_US","og_type":"article","og_title":"DISA STIG Compliance for the Enterprise Network\u2026Really?","og_description":"When most enterprise network experts hear Defense Investigation Services Agency\u2019s (DISA) Security Technical Implementation Guide (STIG), the immediate reaction tends to be \u201cI\u2019m not part of the federal government or Department of Defense, so it doesn\u2019t 
impact me and has no value to me.\u201d While the first part is correct that DISA STIG requirements are generally imposed on government entities, the second part is incorrect because DISA STIG best practices can provide huge value to enterprises.","og_url":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/","og_site_name":"Infoblox Blog","article_published_time":"2017-12-11T00:03:54+00:00","article_modified_time":"2020-05-06T17:27:54+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/feb-25.jpg","type":"image\/jpeg"}],"author":"Matt Gowarty","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Matt Gowarty","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/"},"author":{"name":"Matt Gowarty","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/f9f718e29533bcf87b60d953419e7fe1"},"headline":"DISA STIG Compliance for the Enterprise 
Network\u2026Really?","datePublished":"2017-12-11T00:03:54+00:00","dateModified":"2020-05-06T17:27:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/"},"wordCount":1050,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/feb-25.jpg","keywords":["NCCM"],"articleSection":["Community"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/","url":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/","name":"DISA STIG Compliance for the Enterprise Network\u2026Really?","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/feb-25.jpg","datePublished":"2017-12-11T00:03:54+00:00","dateModified":"2020-05-06T17:27:54+00:00","description":"When most enterprise network experts hear Defense Investigation Services Agency\u2019s (DISA) Security Technical Implementation Guide (STIG), the immediate reaction tends to be \u201cI\u2019m not part of the federal government or Department of Defense, so it doesn\u2019t impact me and has no value to me.\u201d While the first part is correct that DISA STIG requirements are generally imposed on government entities, the second part is incorrect because DISA STIG best practices can provide huge value to 
enterprises.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/feb-25.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/feb-25.jpg","width":660,"height":454,"caption":"DISA STIG Compliance for the Enterprise Network\u2026Really?"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/community\/disa-stig-compliance-for-the-enterprise-network-really\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Community","item":"https:\/\/www.infoblox.com\/blog\/category\/community\/"},{"@type":"ListItem","position":3,"name":"DISA STIG Compliance for the Enterprise 
Network\u2026Really?"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/f9f718e29533bcf87b60d953419e7fe1","name":"Matt Gowarty","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/45bd30ddc4218d451bd643e8aecdfa6b860bc6699ea6119e097cb2237da5b658?s=96&d=blank&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/45bd30ddc4218d451bd643e8aecdfa6b860bc6699ea6119e097cb2237da5b658?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/45bd30ddc4218d451bd643e8aecdfa6b860bc6699ea6119e097cb2237da5b658?s=96&d=blank&r=g","caption":"Matt 
Gowarty"},"url":"https:\/\/www.infoblox.com\/blog\/author\/matt-gowarty\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/1907","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/234"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=1907"}],"version-history":[{"count":2,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/1907\/revisions"}],"predecessor-version":[{"id":1909,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/1907\/revisions\/1909"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/1894"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=1907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=1907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=1907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}