01-07-2017 03:17 PM
Has anyone filled out a STIG for their client? We have deployed SAS 9.4 M3 Grid for our client and they want us to fill out a STIG. Has anyone has experience filling out a STIG? Thanks,
01-07-2017 08:11 PM - edited 01-07-2017 08:12 PM
In my experience the security requirements are included in the overall implementation design document. I don't believe there is such a thing as a 'standard' STIG, as each customer tends to have different requirements. Also bear in mind each customer has different security standards, something which should have been captured during the SAS design phase.
As a starting point I would simply take the security requirements from the overall design doc and put them in a separate one, then ask the customer to review it and provide feedback.