Home
PowerSTIG is a PowerShell module, updated quarterly and hosted on PowerShellGallery.com, that provides a collection of PowerShell DSC (v2) composite resources used to apply DISA STIG security baselines.
For more information, see:
what is a PowerShell Module.
what is a composite resource.
Each supported “product” is implemented as its own DSC composite resource. For example, since PowerSTIG supports the Windows 11 Client STIG, the PowerSTIG module includes a corresponding Windows 11 Client composite resource.
When you create DSC configuration files for your devices, you reference these composite resources to apply the associated security settings. The composite resources reference compiled data located in PowerStig's processed directory. This means that by just referencing the Windows 11 Client Partial Configuration, you can set hundreds of security settings with little code.
For a full list of supported products, see Supported STIGs.
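    Configuration PowerStig
    {
        # Pin module versions so the compiled baseline is reproducible
        Import-DscResource -ModuleName PowerStig -ModuleVersion 4.27.0
        Import-DscResource -ModuleName PSDscResources -ModuleVersion 2.12.0.0

        Node localhost
        {
            # Windows 11 Client STIG composite resource
            WindowsClient 11-Baseline
            {
                StigVersion = "2.4"
                OsVersion   = "11"
                # Rules listed here are skipped rather than enforced
                SkipRule    = 'V-253261', 'V-253445'
            }

            # .NET Framework 4 STIG composite resource
            DotNetFramework 4-Baseline
            {
                StigVersion      = "2.7"
                FrameworkVersion = "4"
            }
        }
    }

    # Compile the configuration; the MOF is written to the output folder
    . PowerStig -OutputPath "c:\someFolder"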
When run, the above configuration outputs a file named localhost.mof (the name localhost comes from Node localhost). This MOF will contain hundreds of security settings for a Windows 11 client with dotnet
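One way to review what a compiled localhost.mof will apply before it reaches a device, as an added example that is not part of the PowerSTIG wiki or module: the hypothetical helper `Get-MofResourceSummary` counts resource instances by type and lists the instances whose ID mentions a given rule ID. The embedded MOF fragment, its rule IDs and its ResourceID layout are constructed sample data, not a statement of how PowerSTIG names its resources.

```powershell
# Added example, not PowerSTIG code. Get-MofResourceSummary is a hypothetical helper.
function Get-MofResourceSummary {
    param(
        [Parameter(Mandatory)] [string] $MofText,  # full text of a compiled .mof
        [string[]] $RuleId = @()                   # rule IDs to look for, e.g. the SkipRule list
    )
    # Each resource instance in a compiled MOF has a ResourceID = "[Type]Name" property.
    $pattern = '(?m)^\s*ResourceID\s*=\s*"(?<id>(?:[^"\\]|\\.)+)"\s*;'
    $ids = @([regex]::Matches($MofText, $pattern) | ForEach-Object { $_.Groups['id'].Value })

    [pscustomobject]@{
        Total    = $ids.Count
        # The resource type is the first bracketed token of the ResourceID.
        ByType   = @($ids |
            ForEach-Object { if ($_ -match '^\[(?<type>[^\]]+)\]') { $Matches['type'] } } |
            Group-Object | Sort-Object Count -Descending | Select-Object Name, Count)
        # For each rule ID, list the resource instances whose ID mentions it.
        RuleHits = @(foreach ($r in $RuleId) {
            [pscustomobject]@{
                RuleId      = $r
                ResourceIds = @($ids | Where-Object {
                    $_.IndexOf($r, [StringComparison]::OrdinalIgnoreCase) -ge 0 })
            }
        })
    }
}

# Constructed MOF fragment (sample data only).
$sample = @'
instance of MSFT_RegistryResource as $MSFT_RegistryResource1ref
{
 ResourceID = "[Registry][V-000001][constructed]::[WindowsClient]11-Baseline";
 ModuleName = "PSDscResources";
};
instance of MSFT_RegistryResource as $MSFT_RegistryResource2ref
{
 ResourceID = "[Registry][V-000002][constructed]::[WindowsClient]11-Baseline";
 ModuleName = "PSDscResources";
};
instance of MSFT_ServiceResource as $MSFT_ServiceResource1ref
{
 ResourceID = "[Service][V-000003][constructed]::[WindowsClient]11-Baseline";
 ModuleName = "PSDscResources";
};
'@

$summary = Get-MofResourceSummary -MofText $sample -RuleId 'V-000001'
$summary.ByType   | Format-Table -AutoSize
$summary.RuleHits | Format-List
```

Against a real build, pass `(Get-Content 'c:\someFolder\localhost.mof' -Raw)` as `-MofText` and the configuration's `SkipRule` values as `-RuleId` to see how those rules are represented in the compiled output.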