Host hardening (DISA STIGs)
Security Technical Implementation Guides published by the Defense Information Systems Agency. Each STIG is a per-product hardening checklist: 250–500 specific configuration rules at three severity levels (CAT I = critical, II = high, III = moderate). All STIGs below are public-domain US government works.
12 STIGs ingested · 3,616 total rules · cross-walked to NIST 800-53 r5 via official CCI mappings.
🐧 Linux
| Product | Rules | CAT I | CAT II | CAT III |
|---|---|---|---|---|
| Oracle Linux 8V2R4 | 373 | 22 | 323 | 28 |
| Oracle Linux 9V1R3 | 455 | 20 | 420 | 15 |
| Red Hat Enterprise Linux 7V3R15 | 244 | 26 | 205 | 13 |
| Red Hat Enterprise Linux 8V2R4 | 369 | 22 | 320 | 27 |
| Red Hat Enterprise Linux 9V2R4 | 452 | 20 | 416 | 16 |
| Ubuntu 22.04 LTSV2R5 | 187 | 14 | 155 | 18 |
| Ubuntu 24.04 LTSV1R3 | 194 | 15 | 161 | 18 |
🪟 Windows
| Product | Rules | CAT I | CAT II | CAT III |
|---|---|---|---|---|
| Windows 10V3R4 | 261 | 29 | 214 | 18 |
| Windows 11V2R4 | 258 | 28 | 213 | 17 |
| Windows Server 2016V2R10 | 273 | 35 | 225 | 13 |
| Windows Server 2019V3R5 | 275 | 34 | 227 | 14 |
| Windows Server 2022V2R4 | 275 | 31 | 232 | 12 |
Source: DISA STIG Library · US-government work, public domain (in the US) · CCI → NIST 800-53 cross-walk via the official CCI List from DISA. Direct CWE / CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).