STIG Update – STIG Viewer Version 2.9

STIG Update – STIG Viewer Version 2.9

DISA has released STIG Viewer Version 2.9. This latest version of STIG Viewer is available at

Updates in Version 2.9 include the following additions:
– NIST SP 800-53 revision 4 control IDs to CSV exports of STIGs and Checklists
– Status to Checklist filters.
– Ability to create filtered Checklists from STIG filter results.
– Ability to filter on STIG names to the top of the STIGs list
– FQDN (fully-qualified domain name) to Checklist CSV export.

 For all STIG related questions, please contact the DISA STIG Customer Support Desk:

SRR Findings to IA Controls

From Reader:

I stumbled upon your site and am new to security working for a contractor. I’m attempting to complete a DIACAP POA&M and need to map SRR findings to IA controls – any idea where I might find this information?

The SRR finding reference the DOD Unix STIG and NIPR STIG. It doesn’t seem to completely match up the the DIACAP IA Controls, but that is where a good system security engineer/ IA analyst comes in.

Once you’ve got your SRR results, IA Control compliance and mitigation depends on your situation. There are a few that map directly (like Screen Saver) but most of the SRR findings will fall under one or two of the IA Controls.

Hope this helps.