Depending on how deeply you deal with sensitive computing requirements and IT systems security, the phrase “STIG” either means:
- A Security Technology Implementation Guide, which provides a standard configuration for a given product, like an operating system, to enhance the security posture of related systems; or
- A steam-injected gas turbine; or
- The various incarnations of the helmeted, silent driver on Top Gear.
If the first definition resonated, then this new blog series is for you. STIGs, a concept originally designed for the US Department of Defense, are increasingly seen as a critical security guide for security-conscious computing in a variety of places across the public and private sectors, especially in regulated industries or sensitive environments like energy and banking. While STIGs are incredibly important, cybersecurity is built around an ecosystem, good risk management practices and conscientious cyber hygiene, not a single implementation standard.
STIGs, as a framework for platform hardening, provide incredibly useful guidance for helping to attain the often required approvals to place systems in production, also known to some as an “Authority to Operate” (ATO). They do not, however, address all of an organization’s IT security needs for their environments. Even before a system hits production, organizations need to consider:
- How to handle vulnerabilities when they inevitably appear
- What needs to be done to extend or expand the role or footprint of a given system
- How to stay ahead of emerging threats
- What modernizing operations may look like and how it can be done
For nearly two decades, Red Hat has been helping both public and private entities adapt to changing IT security requirements and concerns, both by achieving a wide range of security validations for our products in global markets and by providing actionable information for organizations to improve their system security footprint.
This series will examine how STIGs are used, how IT security postures incorporate and extend beyond STIGs, and what other aspects of cybersecurity CIOs and other leaders need to consider and address. Topics will include:
- Why industry leadership in security matters and what this leadership looks like in practice
- Hardening of Linux and layered technologies, like Kubernetes, and why there’s more to code hardening than just fixing bugs
- The practical implementation of security controls across systems
- Removing uncertainty and easing implementation burdens when improving IT security postures
- What it takes to manage risks inherent to software supply chains
- Extending security capabilities across (and with) an ecosystem of partners
- Holistically managing an evolving threat and vulnerability landscape
Looking ahead, our next post will tackle the concept of “hardening”—what it means in practice and why it matters to modern IT deployments, even those that may also use specific STIGs. We look forward to sharing more with you in the future!
About the author
Tara is a security compliance and risk management enthusiast, working across the organization and with partners to identify and control security risk. Tara joined Red Hat and the private sector in February 2020, after gaining experience as a 10-year federal civilian employee, most recently serving as the Cybersecurity Director and Command Information Security Officer (CISO) for Naval Facilities and Engineering Command (NAVFAC) in Washington, D.C. She has earned academic degrees from the U.S. Naval Academy and the National Defense University. Tara currently resides in Colorado with her husband and daughter where they enjoy their mini farm with dogs, chickens and dwarf goats.