Desktop Applications General STIG Ver 4, Rel 5 Checklist Details (Checklist Revisions)
Supporting Resources:
-
Download Standalone XCCDF 1.1.4 - Sunset - Desktop Applications General STIG - Ver 4, Rel 5
- Defense Information Systems Agency
Target:
Target | CPE Name |
---|---|
Mcafee VirusScan 7.0 | cpe:/a:mcafee:virusscan:7.0 (View CVEs) |
Microsoft Frontpage 2002 | cpe:/a:microsoft:frontpage:2002 (View CVEs) |
Microsoft Frontpage 2003 | cpe:/a:microsoft:frontpage:2003 (View CVEs) |
Microsoft Internet Explorer | cpe:/a:microsoft:ie (View CVEs) |
Microsoft Office 2000 | cpe:/a:microsoft:office:2000 (View CVEs) |
Microsoft Office 2003 | cpe:/a:microsoft:office:2003 (View CVEs) |
Microsoft Office 2007 | cpe:/a:microsoft:office:2007 (View CVEs) |
Microsoft Office 2007 SP1 | cpe:/a:microsoft:office:2007:sp1 (View CVEs) |
Microsoft Office XP | cpe:/a:microsoft:office:xp (View CVEs) |
Microsoft Outlook 2000 | cpe:/a:microsoft:outlook:2000 (View CVEs) |
Microsoft Outlook 2002 | cpe:/a:microsoft:outlook:2002 (View CVEs) |
Microsoft Outlook 2007 | cpe:/a:microsoft:outlook:2007 (View CVEs) |
Microsoft Word 2007 | cpe:/a:microsoft:word:2007 (View CVEs) |
Netscape Navigator | cpe:/a:netscape:navigator (View CVEs) |
Symantec Norton Antivirus 10.0 | cpe:/a:symantec:norton_antivirus:10.0 (View CVEs) |
Symantec Norton Antivirus 9.0 | cpe:/a:symantec:norton_antivirus:9.0 (View CVEs) |
Checklist Highlights
- Checklist Name:
- Desktop Applications General STIG
- Checklist ID:
- 9
- Version:
- Ver 4, Rel 5
- Type:
- Compliance
- Review Status:
- Archived
- Authority:
- Governmental Authority: Defense Information Systems Agency
- Original Publication Date:
- 12/03/2009
Checklist Summary:
This Desktop Application Security Checklist provides the procedures for conducting a Security Readiness Review (SRR) to determine compliance with the requirements in the Desktop Application Security Technical Implementation Guide (STIG). This Checklist document must be used together with the corresponding version of the STIG document. This SRR guide focuses strictly on Symantec Antivirus Corporate Edition v9.x and v10.x, McAfee VirusScan v7.x and v8.x, Netscape Navigator, Internet Explorer, Outlook 2000, XP, 2003 and MS Office 2000, XP, 2003. Additionally, this checklist ensures the site has properly installed and implemented specific desktop applications and that it is being managed in a way that is secure, efficient, and effective, through procedures outlined in the checklist. The items reviewed are based on standards and requirements published by DISA in the Security Handbook and the Database Security Technical Implementation Guide. The procedures in this document are part of the effort to ensure that the security configuration guidelines required by Department of Defense (DOD) Directive 8500.1, Information Assurance, and other relevant guidance have been properly implemented.
Checklist Role:
- Desktop Client
Known Issues:
- The user account from which Desktop Application Gold Disk is run must have Administrator privileges and have the User Right: Manage Auditing and Security Log. - Only the configuration checks that are included in the Desktop Application Gold Disk (Internet Explorer and Microsoft Office) will be evaluated as part of the formal review process. The IAVMs and security patches included on the Desktop Gold Disk are not evaluated as part of the Desktop Application review because they are already covered in either the appropriate Windows Operating System Gold Disk or the appropriate Post Gold Disk Scripts. These will remain in the Desktop Application Gold Disk for the SAs use.
Target Audience:
Developped for the DOD. This checklist has been created for IT professionals, particularly Windows system administrators and information security personnel. The document assumes that the reader has experience installing and administering applications on Windows-based systems in domain or standalone configurations.
Target Operational Environment:
- Managed
- Specialized Security-Limited Functionality (SSLF)
Testing Information:
Not provided.
Regulatory Compliance:
DOD Directive 8500.
Comments/Warnings/Miscellaneous:
Please refer to the Checklist or the README.TXT files provided with the scripts for any comments, warnings, or detailed instructions
Disclaimer:
Not provided.
Product Support:
It should be noted that FSO Support for the STIGs, Checklists, and Tools is only available to DOD Customers.
Point of Contact:
disa.stig_spt@mail.mil
Sponsor:
Not provided.
Licensing:
Not provided.
Change History:
Version 4, Release 3 26-October-2012 Version 4, Release 2 27-April-2012 Version 4, Release 1 03-December-2009 Version 4, Release 4 30-October-2014 Updated point of contact field Updated Resource Title - 15 January 2015 Changed Status from "Under Review" to "Final" - 18 February 2015 null Updated URL to reflect change to the DISA website - http --> https moved to archive status - 4/15/19 Updated URLs - 6/24/19 updated URLs - 9/11/19
Dependency/Requirements:
URL | Description |
---|---|
https://dl.dod.cyber.mil/wp-content/uploads/stigs/pdf/unclassified_windows_desktop_apps_stig_v4r1_memo.pdf | Sunset - Desktop Applications Memo |
References:
Reference URL | Description |
---|