Defender Antivirus STIG Checklist

Medium 21 items · 3 hours
testuser Published 1 month ago

This checklist translates the Microsoft Windows Defender Antivirus STIG (Ver 2, Rel 7) into practical implementation steps. It’s for system administrators and security teams who need to deploy, configure, and validate Defender settings across managed Windows environments.

Source: https://ncp.nist.gov/checklist/807

  1. Gather STIG resources — Collect SCAP, XCCDF, GPO, Intune and SCC artifacts before configuring
  2. Download SCAP 1.3 content — Obtain the SCAP benchmark package for automated validation
  3. Download GPOs and SCC resources — Get the latest Group Policy Objects and SCC content files
  4. Download Intune policies and automated content — Fetch Intune policy bundles if managing endpoints via Intune
  5. Review STIG summary and change history — Confirm applicability, authority (DoDI 8500.01), and recent updates
  6. Enable real-time protection — Turn on Defender real-time scanning on all endpoints
  7. Enable cloud-delivered protection — Activate cloud protection to improve detection speed
  8. Enable automatic sample submission — Allow safe automatic sample uploads to Microsoft for analysis
  9. Enable Tamper Protection — Prevent unauthorized changes to Defender settings
  10. Configure signature and platform update sources — Set update cadence and sources (Microsoft Update or WSUS/SCCM)
  11. Import and apply GPOs to domain — Import STIG-provided GPOs and link to appropriate OUs
  12. Import and apply Intune policies — Deploy Intune policy bundles to enrolled devices
  13. Run SCC/SCCM validation tools — Use provided SCC or SCAP tools to validate STIG settings
  14. Schedule regular quick and full scans — Create scan schedules to balance coverage and performance
  15. Configure minimal exclusions and document exceptions — Allow exclusions only when justified; record rationale
  16. Enable network protection and exploit mitigation — Activate network protection and latest exploit defenses
  17. Configure logging and central event collection — Send Defender operational logs to SIEM or central log store
  18. Backup GPOs and record configuration baseline — Export policy backups and save a configuration snapshot
  19. Test detections and update response playbooks — Run detection tests and validate incident response steps
  20. Monitor update status and remediate failures weekly — Check definitions and platform patching; fix failures
  21. Review and document compliance with DoDI 8500.01 — Confirm STIG alignment with DoD security requirements
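The endpoint-side settings in items 6 through 10, 15 and 16 can be audited on a single machine with a read-only script. The script below is an added example, not content from the checklist or the STIG: it reads the local Defender state with Get-MpComputerStatus and Get-MpPreference and reports PASS/FAIL per item. The thresholds it applies (MAPS advanced, block-mode network protection, signatures at most one day old, no exclusions without a documented exception) are this example's own assumptions, and it checks the effective local state rather than the GPO or Intune policy that set it.

```powershell
# Added example (not from the checklist or the STIG): read-only audit of the
# local endpoint's Defender settings for checklist items 6-10, 15 and 16.
# Requires the built-in Defender PowerShell module and an elevated prompt.
# Thresholds below are assumptions chosen for this example.

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

function Test-Setting {
    param([int]$Item, [string]$Name, [bool]$Pass)
    [pscustomobject]@{
        Item   = $Item
        Check  = $Name
        Result = $(if ($Pass) { 'PASS' } else { 'FAIL' })
    }
}

# Item 15: every exclusion is flagged so it can be matched against the
# documented exception record (assumed policy: none without written rationale).
$exclusionCount = @(@($pref.ExclusionPath) + @($pref.ExclusionExtension) +
                    @($pref.ExclusionProcess) | Where-Object { $_ }).Count

$results = @(
    # Item 6: real-time protection must be on and not disabled by preference
    Test-Setting 6  'Real-time protection enabled' `
        ($status.RealTimeProtectionEnabled -and -not $pref.DisableRealtimeMonitoring)
    # Item 7: cloud-delivered protection (MAPSReporting 2 = Advanced)
    Test-Setting 7  'Cloud-delivered protection (MAPS advanced)' ($pref.MAPSReporting -eq 2)
    # Item 8: SubmitSamplesConsent 1 = send safe samples automatically
    Test-Setting 8  'Automatic safe sample submission' ($pref.SubmitSamplesConsent -eq 1)
    # Item 9: tamper protection reported by the platform
    Test-Setting 9  'Tamper Protection enabled' ([bool]$status.IsTamperProtected)
    # Item 10: signature freshness (assumed threshold: at most 1 day old)
    Test-Setting 10 'Signatures updated within 1 day' ($status.AntivirusSignatureAge -le 1)
    # Item 15: any exclusion present needs a documented justification
    Test-Setting 15 'No undocumented exclusions' ($exclusionCount -eq 0)
    # Item 16: EnableNetworkProtection 1 = block mode (2 would be audit only)
    Test-Setting 16 'Network protection in block mode' ($pref.EnableNetworkProtection -eq 1)
)

$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or SCCM compliance script flag drift.
if ($results | Where-Object Result -eq 'FAIL') { exit 1 } else { exit 0 }
```

Run it on a representative endpoint after the GPO or Intune policy has applied, and keep the SCAP/SCC validation in item 13 as the authoritative compliance result.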