/STIGSupport

This PowerShell module contains several functions to help an administrator automate tasks involving STIGViewer's CKL files.

Primary LanguagePowerShellMIT LicenseMIT

STIGSupport Documentation

There are two parts to this repository. First you have the StigSupport.psm1 powershell module. This contains all the code necessary for loading, and interacting with the CKL and XCCDF files. Second, there is a folder called Utility, which contains scripts that utilize the module to perform more complex operations. All the scripts assume your powershell session has the module imported. Ensure you import it first!

Several of the PowerShell functions require a checklist template. This is just an empty checklist file as saved from the DISA STIG viewer application or as exported from the included Convert-ManualXCCDFToCKL function. In order to work with a checklist, it needs to be loaded into memory first.

Update for JSON/V3 supported files

The v3format branch was added to support the new CKLB/v3/json checklist format. The new file format necessitated a major overhaul of the module and the new branch should be considered an alpha project.

Example usage

Here is a basic example on how to get the result of a check from a checklist, set it to something else, then save the checklist.

#Module is required for all CKL/XCCDF commands
Import-Module "C:\Example\Module\StigSupport.psm1"
#Load the checklist into memory
$CKLData = Import-StigCKL -Path "C:\CKLs\MyCKL.ckl"
#Write the current result of V-11111
Write-Host (Get-VulnCheckResult -CKLData $CKLData -VulnID "V-11111")
#Set the result of V-11111
Set-VulnCheckResult -CKLData $CKLData -VulnID "V-11111" -Details "Not set correctly" -Comments "Checked by script" -Result Open
#Save our changes back to the checklist
Export-StigCKL -CKLData $CKLData -Path "C:\CKLs\MyCKL.ckl"

Repository Structure

This repository is split into three sections:

  • Module: Module required for all scripts
  • Utility: Misc. utilities to facilitate work with CKL files. View the readme under the utility folder for more information.
  • Checks: Utility to automatically perform checks and fill out CKL files

For more information on each section, please review that section's readme file.

Alternate Resources

Microsoft PowerStig PowerShell modules that utilize DSC to enforce STIG compliance.

Matt Preston's PowerStigScan PowerShell module that utilizes PowerStig to scan resources using DSC.