STIG configuration for IIAS

If you are running IAS version 1.0.11.1 or later, use the following procedure to configure IAS in accordance with STIG.

Before you begin

Make sure you stop the applications on IAS by running apstop. Log in as apuser or an equivalent user to perform the following task.

Procedure

  1. Run the apsetup command to configure DNS to use multiple name servers. STIG compliance requires IAS to be configured with more than one DNS server. See Configuring network with apsetup to configure more than one DNS server.
  2. Set up the banner file according to your company requirements. Information in the banner file is displayed whenever a user logs in to the IAS nodes via a console or SSH.
  3. Run security_compliance_manager to apply all possible STIG rules:
    security_compliance_manager –stigAll
    For more details about the security_compliance_manager command, see Security hardening with the security_compliance_manager tool.