{"id":14063732,"url":"https://github.com/PowerShellCrack/STIGSCAPWinTool","last_synced_at":"2025-07-29T16:31:30.177Z","repository":{"id":111449979,"uuid":"158395902","full_name":"PowerShellCrack/STIGSCAPWinTool","owner":"PowerShellCrack","description":"Applies DISA STIGS GPO Policy's offline","archived":false,"fork":false,"pushed_at":"2019-07-30T23:08:26.000Z","size":48,"stargazers_count":18,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-11T20:21:52.002Z","etag":null,"topics":["cci","disa","dsc","gpo","powershell","scap","stig"],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PowerShellCrack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-11-20T13:43:16.000Z","updated_at":"2023-08-09T19:25:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"56a389f7-b382-4ae1-a7c2-59e38f9cf17c","html_url":"https://github.com/PowerShellCrack/STIGSCAPWinTool","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/PowerShellCrack/STIGSCAPWinTool","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PowerShellCrack%2FSTIGSCAPWinTool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PowerShellCrack%2FSTIGSCAPWinTool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PowerShellCrack%2FSTIGSCAPWinTool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PowerShellCrack%2FSTIGSCAPWinTool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PowerShellCrack","download_url":"https://codeload.github.com/PowerShellCrack/STIGSCAPWinTool/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PowerShellCrack%2FSTIGSCAPWinTool/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267718274,"owners_count":24133448,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-29T02:00:12.549Z","response_time":2574,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cci","disa","dsc","gpo","powershell","scap","stig"],"created_at":"2024-08-13T07:03:28.962Z","updated_at":"2025-07-29T16:31:29.914Z","avatar_url":"https://github.com/PowerShellCrack.png","language":"PowerShell","funding_links":[],"categories":["PowerShell"],"sub_categories":[],"readme":"# Windows STIG \u0026 SCAP Toolkit\n\n## WHAT IS IT: \t\nA PowerShell script that will take a GPO backup or SCAP XCCDF file and generate STIGs settings\nThen apply them to a Windows OS using Microsoft's LGPO.exe tool from their Security Compliance Manager Toolkit\n\n## HOW TO USE IT:\n  **ApplySTIGAndGPOs.ps1**\tThis is a more dynamic PowerShell script. This will detect roles,\n\t\t\t\t            and features and even software and install the appropriate GPO backup.\n\t\t\t\t\n  **ApplySTIGBySCAPs.ps1**\tSTILL DEVELOPING: This is the most advanced PowerShell script. This script will be a lot\n\t\t\t\t            like Linux's OpenSCAP, it will parse the XCCDF file from DISA and build a dataset\n\t\t\t\t            of all STIG components and one by one it will apply the STIG based on the configuration files.\n\t\t\t\t            Configuration files still need to be created, check out the [README.md](Configs/README.md)\n\t\t\t\t\n  **RemoveSTIGAndGPOs.ps1**\tThis script just removes the group policy folders and clear the security database.\n  \n\n## REQUIREMENTS:\t\t\n - Modules need to be downloaded. Follow [README.md](Modules/README.md) instructions in modules folder\n - STIG Naming conventions is required for STIG Tools. Follow [README.md](GPO/README.md) instructions in GPO folder\n - CCI required for SCAP Tools. Follow [README.md](CCI/README.md) instructions in CCI folder\n - SCAP Benchmarks required for SCAP Tools. Follow [README.md](SCAP/README.md) instructions in SCAP folder\n - LGPO executable required for all tools. Follow [README.md](Tools/README.md) instructions in Tools folder\n - Configs files for each STIG ID. Follow [README.md](Configs/README.md) instructions in Tools folder\n\n## WHAT IT DOES:\n   **ApplySTIGAndGPOs.ps1**: The script will read into the GPO's backup.xml inside each GUID and identify the name of the policy. Using that information it will determine if the name matches identified system information, roles, features and install products and apply them locally using Microsoft's Security Compliance Manager tool LGPO. This ultimately read the GPO settings, and builds a file with all the registry and security settings, then applies those settings within the local gpo. These settings can then be viewed using the systems gpedit.msc. All keys and settings are backed up in the temp folder and logged in log folder.\n\n## FOLDERS:\n\n    CCI\\U_CCI_List.xml \u003c-- Used with ApplySTIGBySCAPs.ps1. Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an IA control or IA best practice\t\t\t\n    Configs\\\t   \u003c-- Used with ApplySTIGBySCAPs.ps1. Configuration files for each STIG ID. These are ini like files with commands for validation and remediation steps.\t\t\t\n    Extensions\\\t   \u003c-- Used with ApplySTIGBySCAPs.ps1. PowerShell extension folder provides additional PowerShell functions\n    Modules\\\t   \u003c-- Additional PowerShell modules found in PowerShell Gallery and elsewhere\n    GPO\\\t\t   \u003c-- Used with ApplySTIGAndGPOs.ps1. Follow README.md instructions in folder\n    Logs\\\t\t   \u003c-- Output logs for LGPO and advanced logging (Use CMTRACE)\n    SCAP\\\t\t   \u003c-- SCAP Benchmark files. Follow README.md instructions in folder\n    Temp\\\t\t   \u003c-- Store generated LGPO config and pol files\n    Tools\\\t\t   \u003c-- Tools used in scripts, such as LGPO\n\tDSC\\\t\t   \u003c-- NEW. The idea is to add dsc configuration files here and and apply them along with STIGS/SCAP\n\n\n## SOURCES:\t\t\n - https://github.com/CyberSecDef/STIG\n - http://www.entelechyit.com/2017/01/02/powershell-and-disa-nist-stigs-part-1/\n - http://iase.disa.mil/stigs/compilations/Pages/index.aspx\n - https://www.powershellgallery.com/profiles/michael.haken/\n - https://github.com/alulsh/SharePoint-2013-STIGs\n - https://blogs.technet.microsoft.com/matt_hinsons_manageability_blog/2016/01/29/gpo-packs-in-mdt-2013-u1-for-windows-10/\n - https://www.microsoft.com/en-us/download/confirmation.aspx?id=55319\n - https://github.com/search?l=PowerShell\u0026q=STIG\u0026type=Repositories\u0026utf8=%E2%9C%93\n - https://github.com/mwrlabs/gists/blob/master/PowerView-with-RemoteAccessPolicyEnumeration.ps1\n - https://github.com/Microsoft/PowerStig\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPowerShellCrack%2FSTIGSCAPWinTool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FPowerShellCrack%2FSTIGSCAPWinTool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPowerShellCrack%2FSTIGSCAPWinTool/lists"}