AvePoint Fly Server STIG Ver 1, Rel 1 Checklist Details (Checklist Revisions)
Supporting Resources:
-
Download Standalone XCCDF 1.1.4 - AvePoint Fly Server STIG - Ver 1, Rel 1
- Defense Information Systems Agency
Target:
| Target | CPE Name |
|---|---|
| AvePoint Fly Server | cpe:/a:avepoint:fly_server:- (View CVEs) |
Checklist Highlights
- Checklist Name:
- AvePoint Fly Server STIG
- Checklist ID:
- 1345
- Version:
- Ver 1, Rel 1
- Type:
- Compliance
- Review Status:
- Candidate
- Authority:
- Governmental Authority: Defense Information Systems Agency
- Original Publication Date:
- 07/07/2026
Checklist Summary:
The AvePoint Fly Server Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of War (DoW) information systems. This document is meant for use in conjunction with other STIGs, such as the Microsoft SQL Server and appropriate operating system STIGs. Fly Server is a migration tool for On-Premises and Cloud Microsoft environments.
Checklist Role:
- Business Productivity Application
Known Issues:
Not provided.
Target Audience:
Not provided.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
Parties within the DoW and federal government’s computing environments can obtain the applicable STIG from the DoW Cyber Exchange website at https://cyber.mil/. This site contains the latest copies of STIGs, SRGs, and other related security information. Those without a common access card (CAC) that has DoW Certificates can obtain the STIG from https://public.cyber.mil/.
Regulatory Compliance:
Department of Defense Instruction (DODI) 8500.01
Comments/Warnings/Miscellaneous:
All technical NIST SP 800-53 requirements were considered while developing this STIG. Requirements that are applicable and configurable will be included in the final STIG. A report marked Controlled Unclassified Information (CUI) will be available for items that did not meet requirements. This report will be available to component authorizing official (AO) personnel for risk assessment purposes by request via email to: [email protected].
Disclaimer:
DISA accepts no liability for the consequences of applying specific configuration settings made on the basis of the SRGs/STIGs. It must be noted that the configuration settings specified should be evaluated in a local, representative test environment before implementation in a production environment, especially within large user populations. The extensive variety of environments makes it impossible to test these configuration settings for all potential software configurations. For some production environments, failure to test before implementation may lead to a loss of required functionality. Evaluating the risks and benefits to a system’s particular circumstances and requirements is the system owner’s responsibility. The evaluated risks resulting from not applying specified configuration settings must be approved by the responsible AO. Furthermore, DISA implies no warranty that the application of all specified configurations will make a system 100 percent secure. Security guidance is provided for the DoW. While other agencies and organizations are free to use it, care must be given to ensure that all applicable security guidance is applied at both the device hardening level and the architectural level due to the fact that some settings may not be configurable in environments outside the DoW architecture.
Product Support:
Comments or proposed revisions to this document should be sent via email to the following address: [email protected]. DISA will coordinate all change requests with the relevant DoW organizations before inclusion in this document. Approved changes will be made in accordance with the DISA maintenance release schedule.
Point of Contact:
Sponsor:
Not provided.
Licensing:
Not provided.
Change History:
Dependency/Requirements:
| URL | Description |
|---|
References:
| Reference URL | Description |
|---|
NIST checklist record last modified on 07/07/2026
* This checklist is still undergoing review for inclusion into the NCP.
