

So, start with the MS SCM baseline, create GPO, deploy GPO, create DCM baseline from the SCAP STIG files, deploy DCM baseline, and see what is non-compliant after the GPO is applied. Address individual GPO settings to achieve compliance. Once you have an SCCM baseline from your STIG, you can audit a test machine for compliance and see where the gaps are. Here is a guide for converting SCAP files (from DISA) to SCCM DCM baseline items. One thing you can look at is the SCAP extensions for SCCM (

Still have to review each setting, but I found I have done this in the past, and actually used SCM, cloned the MS SCM baseline for Win10, then went through and made the changes for STIG. Is anyone aware of a way to import this xccdf content into the Microsoft SCM? Essentially, you are stuck with creating an initial STIG baseline. Unfortunately this file can't be imported into the Microsoft SCM to allow a backup to That would actually work in this scenario. DISA provides a Manual-xccdf.xml file which contains all the STIG settings and that is able to be imported into STIG view application as well as other compliance tools. I see other threads on this regarding using the Microsoft Security Compliance Manager to somehow accomplish this but I have yet to find a solution I am wondering if anyone is aware of a better or easier way to configure/import DISA STIG settings into a GPO. The STIG settings into an actual GPO is to manually configure each of the 200+ settings in the GPO. So this appears to mean the only way to get Unfortunately I have checked with DISA and they indicated they do not provide an actual GPO backup, they indicated that administrators must configure the settings themselves based on their guidance in the STIG. To easily import the complete set of settings directly into an actual GPO for testing / deployment. Ideally DISA would provide an official group policy backup /template file with all the settings configured in their STIG files, allowing administrators I am looking at the best way to configure the DISA STIG group policy settings for Windows 10 Enterprise.
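Since the Manual-xccdf.xml file cannot be imported into SCM, one way to organise the manual pass through the settings is to flatten it into a worklist with one row per rule. This is an added example, not code from the thread: the sample XML, IDs and function names are constructed, and it assumes the usual XCCDF layout (Benchmark > Group > Rule with version, title and fixtext children).

```python
import csv, io
import xml.etree.ElementTree as ET

FIELDS = ["vuln_id", "rule_id", "severity", "stig_id", "title", "fix", "gpo_done"]
# Constructed sample in the assumed XCCDF layout; IDs and text are placeholders.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="Example_STIG">
  <Group id="V-000001">
    <Rule id="SV-000001r1_rule" severity="high">
      <version>EXAMPLE-00-000001</version>
      <title>Example policy A must be enabled.</title>
      <fixtext>Set "Example Policy A" to "Enabled".</fixtext>
    </Rule>
  </Group>
  <Group id="V-000002">
    <Rule id="SV-000002r1_rule" severity="medium">
      <version>EXAMPLE-00-000002</version>
      <title>Example policy B must be disabled.</title>
    </Rule>
  </Group>
</Benchmark>"""

def local(tag):  # drop the namespace so XCCDF 1.1 and 1.2 files parse alike
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    """Direct children of elem with this local (namespace-free) name."""
    return [c for c in elem if local(c.tag) == name]

def child_text(elem, name):
    """Whitespace-normalised text of the first matching child, or ''."""
    found = children(elem, name)
    return " ".join((found[0].text or "").split()) if found else ""

def extract_rules(xml_text):
    """Return one dict per Rule: the worklist for the manual GPO pass."""
    rules = []
    for group in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "Group"):
        for rule in children(group, "Rule"):
            rules.append({
                "vuln_id": group.get("id", ""), "rule_id": rule.get("id", ""),
                "severity": rule.get("severity", "unknown"), "stig_id": child_text(rule, "version"),
                "title": child_text(rule, "title"), "fix": child_text(rule, "fixtext"),
            })
    return rules

def to_csv(rules):  # gpo_done is left blank to track progress per setting
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, restval="")
    writer.writeheader()
    writer.writerows(rules)
    return out.getvalue()
```

To use it on a real benchmark, read the file's text and pass it to `extract_rules`, then write the `to_csv` output to disk and tick off `gpo_done` as each setting is configured in the GPO.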
