DISA Windows Gold Disk Program Phased Out
The Defense Information Systems Agency's Windows Gold Disk project will be terminated Dec. 31, 2012. The last updated version of the tool will be released in October. Previous Gold Disk users will transition to enterprise-level security scanning solutions.
The Windows Gold Disk tool is a system administrator tool that allows the administrator to scan a system for vulnerabilities, apply security and Information Assurance Vulnerability Management (IAVM) patches, and automate the process to configure the system to be in compliance with the DISA Security Technical Implementation Guide (STIG) for Windows.
Windows Gold Disk requires the system administrator to manually run each scan on each individual system.
As the Windows Gold Disk system is phased out, organizations will transition to assessing STIG compliance via the Host Based Security System (HBSS) and the Security Content Automation Protocol (SCAP) Compliance Checker (SCC).
HBSS and SCC have the capability to check STIG compliance across the network, versus on an asset-by-asset process.
These tools can be used in conjunction with automated STIG benchmarks provided by DISA. Benchmarks exist for various Windows and Unix platforms, Windows applications (e.g. IE8, IE9), and IAVMs.
DISA Field Security Operations (FSO) will provide help desk support to Gold Disk users until the termination date. After December, a "scan only" CD will be posted and available on the Information Assurance Support Environment (IASE) webpage. However, starting Jan. 1, 2013 FSO will not provide any further updates or provide help desk support for the tool.
Information technology security specialists, information assurance officers, information assurance managers, and system administrators are encouraged to visit the Gold Disk-related frequently asked questions on the IASE for additional information.
Individuals may also contact the FSO Customer Support Disk at 717-267-9264, DSN 570.
Posted September 18, 2012