The Defense Information Systems Agency (DISA) develops and publishes Security Technical Implementation Guides, or "STIGs." DISA STIGs provide technical guidance for hardening systems and reducing threats.
The Defense Information Systems Agency (DISA) is the U.S. Department of Defense (DoD) combat support agency responsible for maintaining the security posture of the DOD Information Network (DODIN). One of the ways DISA accomplishes this task is by developing, disseminating, and mandating the implementation of Security Technical Implementation Guides, or STIGs. In brief, STIGs are portable, standards-based guides for hardening systems to reduce threats and mitigate impact as part of a larger defense in-depth strategy. STIGs are mandatory for U.S. DoD IT systems and, as such, provide a vetted, secure baseline for non-DoD entities to measure themselves against. Starting with vSphere 6.5, the vSphere Security Configuration Guide includes a column labeled "DISA STIG" that correlates Configuration Guide controls with vSphere 6 STIG IDs. For more information, see Understanding the vSphere Security Configuration Guide.
For more information about DISA STIGs and to see the complete list, visit https://public.cyber.mil/stigs/. For more information about VMware Security Configuration Guides, see the webpage at http://www.vmware.com/security/hardening-guides.html.