Microsoft Defender Antivirus STIG Implementation (Ver 2, Rel 7)

Medium 21 items · 2 hours
testuser Published 1 month ago

This checklist guides general administrators through implementing the Microsoft Defender Antivirus STIG (Ver 2, Rel 7). It covers obtaining official resources, deploying GPO/Intune policies, verifying integrity, running compliance scans, and documenting changes for security teams.

Source: https://ncp.nist.gov/checklist/807

  1. Obtain official STIG from IASE — Download the STIG package from the IASE site (iase.disa.mil).
  2. Download STIG resources
  3. Download SCAP 1.3 content (SCAP benchmark) — Use the SCAP benchmark for automated compliance scans.
  4. Download Group Policy Objects (GPOs) and resources — Get GPO files and supporting resource bundles for AD deployment.
  5. Download Intune policies and SCC automated content — Grab Intune policy packages and SCC/SCCM content for automation.
  6. Verify SHA checksums for downloaded files — Compare file SHAs with DISA-provided checksums before import.
  7. Import GPOs into Active Directory — Import only validated GPO files for controlled deployment.
  8. Test imported GPOs in a lab OU — Validate settings apply correctly without breaking endpoints.
  9. Link GPOs to target OUs — Apply policies to representative organizational units first.
  10. Deploy Intune policies to managed endpoints — Use staged rollouts for large environments to limit impact.
  11. Enable real-time and cloud-delivered protection — Turn on both to increase detection and protection coverage.
  12. Enable Tamper Protection — Prevent unauthorized changes to Defender settings.
  13. Configure signature update source and schedule — Set Windows Update, WSUS, or other approved update sources and frequency.
  14. Configure automatic and scheduled scans — Schedule daily quick scans and weekly full scans as needed.
  15. Configure approved exclusions per policy — Only add exclusions that are formally approved by security policy.
  16. Enable detailed event logging and forward to SIEM — Ensure events are collected and forwarded to central logging.
  17. Run SCAP/XCCDF compliance scan and remediate findings — Execute compliance scans and address deviations promptly.
  18. Record and document policy versions, SHAs, and changes — Log version numbers, SHAs, dates, and approvers for audits.
  19. Schedule regular resource and policy update reviews — Set reminders to check DISA updates and new STIG revisions.
  20. Verify SCC/SCCM integration and automated content updates — Confirm automated content pulls and deployments function correctly.
  21. Contact STIG point of contact for questions — Email the DISA POC at [email protected] for clarifications.
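The following PowerShell script is an added example, not part of this checklist or of DISA's published content. It ties together item 6 (checksum verification before import), items 11-15 (reading back the effective Defender configuration) and item 18 (keeping a dated record); the package directory, the checksum file layout (`<sha256>  <filename>` per line), the report path and the 7-day signature-age threshold are assumptions for the example.

```powershell
# Added example: post-download / post-deployment verification for the Defender AV STIG checklist.
# Assumed layout: downloaded archives in $PackageDir, DISA-provided SHA-256 values copied into
# $ChecksumFile as "<sha256>  <filename>" lines, results written to $ReportPath.
param(
    [string]$PackageDir   = 'C:\STIG\Defender_V2R7',
    [string]$ChecksumFile = 'C:\STIG\Defender_V2R7\checksums.txt',
    [string]$ReportPath   = 'C:\STIG\Defender_V2R7\verification-report.csv'
)

# --- Item 6: compare each downloaded file's SHA-256 with the published value before import ---
$expected = @{}
foreach ($line in Get-Content -Path $ChecksumFile) {
    if ($line -match '^\s*([0-9a-fA-F]{64})\s+\*?(.+?)\s*$') {
        $expected[$Matches[2]] = $Matches[1].ToLower()
    }
}
$hashResults = foreach ($name in $expected.Keys) {
    $path   = Join-Path -Path $PackageDir -ChildPath $name
    $actual = if (Test-Path -Path $path) { (Get-FileHash -Path $path -Algorithm SHA256).Hash.ToLower() } else { 'MISSING' }
    [pscustomobject]@{ Check = "SHA256 $name"; Expected = $expected[$name]; Actual = $actual; Pass = ($actual -eq $expected[$name]) }
}

# --- Items 11-15: read back what Defender is actually enforcing on this endpoint ---
$status = Get-MpComputerStatus   # runtime state (real-time protection, tamper protection, signature age)
$pref   = Get-MpPreference       # effective policy (MAPS reporting level, exclusions, scan schedule)
$exclusions = (@($pref.ExclusionPath) + @($pref.ExclusionExtension) + @($pref.ExclusionProcess)) -join ';'
$settingResults = @(
    [pscustomobject]@{ Check = 'Real-time protection enabled';        Expected = $true;            Actual = $status.RealTimeProtectionEnabled; Pass = [bool]$status.RealTimeProtectionEnabled }
    [pscustomobject]@{ Check = 'Cloud-delivered protection (MAPS) on'; Expected = '1 (Basic) or 2 (Advanced)'; Actual = $pref.MAPSReporting; Pass = ($pref.MAPSReporting -ne 0) }
    [pscustomobject]@{ Check = 'Tamper Protection on';                Expected = $true;            Actual = $status.IsTamperProtected;         Pass = [bool]$status.IsTamperProtected }
    # Assumed threshold: flag signatures older than 7 days (the checklist sets no specific number).
    [pscustomobject]@{ Check = 'Signature age (days)';                Expected = '<= 7';           Actual = $status.AntivirusSignatureAge;     Pass = ($status.AntivirusSignatureAge -le 7) }
    # Exclusions cannot be auto-judged: list them so they can be compared with the approved list (item 15).
    [pscustomobject]@{ Check = 'Configured exclusions (review)';      Expected = 'approved only';  Actual = $exclusions;                       Pass = $null }
)

# --- Item 18: keep a dated, per-host record for the audit trail ---
$report = @($hashResults) + $settingResults |
    Select-Object @{ n = 'Timestamp'; e = { Get-Date -Format o } }, @{ n = 'Host'; e = { $env:COMPUTERNAME } }, Check, Expected, Actual, Pass
$report | Export-Csv -Path $ReportPath -NoTypeInformation
$report | Format-Table -AutoSize
```

Run it once on a lab endpoint after item 8 and again after item 10; a `MISSING` or mismatched hash means the package should not be imported.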