PowerStigDsc HAS MOVED This project has been migrated into PowerStig and is currently archived.

Branch	Status
master

PowerStigDsc is a Windows PowerShell Desired State Configuration (DSC) composite resource to manage the configurable items of the DISA STIG's. This is accomplished by using OSS DSC Resources that are specialized to a specific area of the STIG from the PowerShell gallery. PowerStigDsc depends on an external module PowerStig for the STIG data and multiple DSC resources to apply the setting. All of the required dependencies are defined in the module manifest so they are automatically downloaded if you install PowerStigDsc from the PowerShell Gallery.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Please check out common DSC Resources contributing guidelines.

Thank you to everyone that has reviewed the project and provided feedback through issues. We are especially thankful for those who have contributed pull requests to the code and documentation.

• @athaynes (Adam Haynes)
• @bgouldman (Brian Gouldman)
• @camusicjunkie
• @chasewilson (Chase Wilson)
• @jcwalker (Jason Walker)
• @mcollera
• @regedit32 (Reggie Gibson)

• Browser: Provides a mechanism to manage Browser STIG settings.

• SqlServer: Provides a mechanism to manage SqlServer STIG settings.

• WindowsDnsServer: Provides a mechanism to manage Windows DNS Server STIG settings.

• WindowsFirewall: Provides a mechanism to manage the Windows Firewall STIG settings.

• WindowsServer: Provides a mechanism to manage the Windows Server STIG settings.

Provides a mechanism to manage Browser STIG settings.

None

• [String] BrowserName (Mandatory): The version of the Browser that the configuration is applying to.
• [String] BrowserVersion (Optional): The Browser version of the STIG you want to apply. If no value is provided, the most recent version of the STIG is applied.
• [Hashtable] Exception (Optional): A hash table of the exceptions that should be applied to the server. The hashtable must be in the format StigId = Exception.
• [Xml] OrgSetting (Optional): An XML document that contains the values for settings that contain a range of possible values.

• Apply the Browser STIG to a node

Provides a mechanism to manage SqlServer STIG settings.

None

• [String] SqlVersion (Mandatory): The version of SQL being used.
• [String] SqlRole (Mandatory): The scope of SQL that the STIG covers. E.g. Instance, Database.
• [Version] StigVersion (Optional): The version of the STIG you want to apply. If no value is provided, the most recent version of the STIG is applied.
• [String] ServerInstance (Mandatory): The name of the SQL Instance that the STIG data will be applied to.
• [String] Database (Optional): The Name of the database that the STIG will be applied to.
• [Hashtable] Exception (Optional): A hash table of the exceptions to be applied to the server. The hashtable must be in the format StigId = Exception.
• [Xml] OrgSetting (Optional): This is an XML file that overrides the default settings of allowable ranges in the STIG.
• [PSObject] SkipRule (Optional): Rule Id/s that you do not want to be applied to the server.
• [PSObject] SkipRuleType (Optional): Rule type/s that you do not want to be applied to the server.

• Apply the Windows SQL Server STIG to a node
• Apply the Windows SQL Server STIG to a node, but override the value of V-V-40942
• Apply the Windows SQL Server STIG to a node, but skip V-V-40942
• Apply the Windows SQL Server STIG to a node, but skip SqlScriptQueryRule

Provides a mechanism to manage Windows Dns Server STIG settings.

None

• [String] OsVersion (Mandatory): The version of the server OS that the configuration is applying to.
• [String] StigVersion (Optional): The version of the STIG you want to apply. If no value is provided, the most recent version of the STIG is applied.
• [String] ForestName (Optional): The FQDN of the forest the configuration is being applied to. If a domain name is not applied, the domain of the computer used to generate the configuration is used.
• [String] DomainName (Optional): The FQDN of the domain the configuration is being applied to. If a domain name is not applied, the domain of the computer used to generate the configuration is used.
• [Hashtable] Exception (Optional): A hash table of the exceptions to be applied to the server. The hashtable must be in the format StigId = Exception.
• [Xml] OrgSetting (Optional): This is an XML file that overrides the default settings of allowable ranges in the STIG.
• [PSObject] SkipRule (Optional): Rule Id/s that you do not want to be applied to the server.
• [PSObject] SkipRuleType (Optional): Rule type/s that you do not want to be applied to the server.

• Apply the Windows DNS Server STIG to a node
• Apply the Windows DNS Server STIG to a node, but override the value of V-1000
• Apply the Windows DNS Server STIG to a node, but skip the V-1000 setting
• Apply the Windows DNS Server STIG to a node, but skip the AuditPolicyRules

Provides a mechanism to manage the Windows Firewall STIG settings.

None

• [String] StigVersion (Optional): The version of the STIG you want to apply. If no value is provided, the most recent version of the STIG is applied.
• [Hashtable] Exception (Optional): A hash table of the exceptions to be applied to the server. The hashtable must be in the format StigId = Exception.
• [Xml] OrgSetting (Optional): This is an XML file that overrides the default settings of allowable ranges in the STIG.
• [PSObject] SkipRule (Optional): Rule Id/s that you do not want to be applied to the server.
• [PSObject] SkipRuleType (Optional): Rule type/s that you do not want to be applied to the server.

• Apply the Windows Firewall STIG to a node
• Apply the Windows Firewall STIG to a node, but override the value of V-1000
• Apply the Windows Firewall STIG to a node, but skip the V-1000 setting
• Apply the Windows Firewall STIG to a node, but skip the AuditPolicyRules

Provides a mechanism to manage the Windows Server STIG settings.

None

• [String] OsVersion (Mandatory): The version of the server OS that the configuration is applying to.
• [String] OsRole (Mandatory): The role of the computer the configuration applies to.
• [String] StigVersion (Optional): The version of the STIG you want to apply. If no value is provided, the most recent version of the STIG is applied.
• [String] ForestName (Optional): The FQDN of the forest the configuration is being applied to. If a domain name is not applied, the domain of the computer used to generate the configuration is used.
• [String] DomainName (Optional): The FQDN of the domain the configuration is being applied to. If a domain name is not applied, the domain of the computer used to generate the configuration is used.
• [Hashtable] Exception (Optional): A hash table of the exceptions to be applied to the server. The hashtable must be in the format StigId = Exception.
• [Xml] OrgSetting (Optional): This is an XML file that overrides the default settings of allowable ranges in the STIG.
• [PSObject] SkipRule (Optional): Rule Id/s that you do not want to be applied to the server.
• [PSObject] SkipRuleType (Optional): Rule type/s that you do not want to be applied to the server.

• Apply the latest Windows Server STIG to a node
• Apply a specific Windows Server STIG version to a node
• Apply the Windows Server STIG to a node, but override the default organizational settings with a local file
• Apply the Windows Server STIG to a node, but override the value of V-1000
• Apply the Windows Server STIG to a node, but skip the V-1000 setting
• Apply the Windows Server STIG to a node, but skip the AuditPolicyRules

• Added ModuleVersion parameter to each Import-DscResource for all composite resources
• Added support for Technology enumeration added to PowerStig 1.1.0.0

• Browser Composite
• Windows DNS Server Composite
• Windows Firewall Composite
• Windows Server Composite