About STIGhub

STIGhub is a free tool to search and browse the entire DISA STIG (Security Technical Implementation Guides) library. It eliminates the need to download ZIP files and search through long XML documents.

What are STIGs?

STIGs are configuration standards published by the Defense Information Systems Agency (DISA) for securing Department of Defense (DoD) information systems. They contain detailed technical guidance for hardening operating systems, applications, network devices, and other IT infrastructure.

Features

  • Full-text search across all STIG checks with relevance ranking and keyword highlighting
  • Browse by category — filter STIGs by technology tags (Windows, Linux, network, database, etc.)
  • Version comparison — see what changed between STIG releases (added, removed, and modified checks)
  • Export checklists — download STIGs as CKL (DISA-compatible), CSV, or JSON
  • Automatic updates — STIGs are synced nightly from the DoD Cyber Exchange at public.cyber.mil
  • Public API — all data is available via REST endpoints for integration with other tools

How It Works

STIGhub automatically downloads STIG ZIP archives from DISA's public.cyber.mil site, extracts the XCCDF XML files, parses every Group and Rule into structured check records, and indexes them for full-text search using PostgreSQL's built-in full-text search (tsvector). Content-hash-based change detection ensures only modified STIGs are updated, and version snapshots are saved for the comparison tool.
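The parse-and-compare step described above, as an added example (not STIGhub's own code): it turns XCCDF Group/Rule elements into check records, hashes each record's content, and classifies checks as added, removed, or modified between two releases. The sample benchmarks are constructed, and the record field names, the hashed fields, and the DOCTYPE rejection are assumptions; the page does not say what STIGhub hashes.

```python
import hashlib
import xml.etree.ElementTree as ET

XCCDF = "http://checklists.nist.gov/xccdf/1.1"  # namespace used by XCCDF 1.1 benchmarks
NS = {"x": XCCDF}
FIELDS = ("severity", "stig_id", "title", "fix", "check")  # assumed hash inputs

def _group(vid, rev, fix):
    # Constructed sample Group/Rule; ids and text are placeholders, not real STIG content.
    return (f'<Group id="{vid}"><title>SRG-EXAMPLE</title>'
            f'<Rule id="S{vid}r{rev}_rule" severity="medium"><version>EX-{vid}</version>'
            f'<title>Example rule {vid}</title><fixtext>{fix}</fixtext>'
            f'<check><check-content>Inspect the setting.</check-content></check></Rule></Group>')

def _benchmark(*groups):
    return f'<Benchmark xmlns="{XCCDF}" id="EXAMPLE_STIG">{"".join(groups)}</Benchmark>'

OLD = _benchmark(_group("V-1", 1, "Set value to 3."), _group("V-2", 1, "Disable it."))
NEW = _benchmark(_group("V-1", 2, "Set value to 4."), _group("V-2", 2, "Disable it."),
                 _group("V-3", 1, "Enable logging."))

def parse_checks(xml_text):
    """Return {group_id: record} for every Group/Rule pair in an XCCDF document."""
    if "<!DOCTYPE" in xml_text:  # XCCDF needs no DTD; refuse entity tricks in downloaded files
        raise ValueError("DOCTYPE not allowed in XCCDF input")
    checks = {}
    for group in ET.fromstring(xml_text).iterfind("x:Group", NS):
        for rule in group.iterfind("x:Rule", NS):
            rec = {
                "rule_id": rule.get("id"),
                "severity": rule.get("severity", ""),
                "stig_id": rule.findtext("x:version", "", NS),
                "title": rule.findtext("x:title", "", NS),
                "fix": rule.findtext("x:fixtext", "", NS),
                "check": rule.findtext("x:check/x:check-content", "", NS),
            }
            # Hash content fields only, in fixed order: a bumped rule revision alone is not a change.
            body = "\x1f".join(rec[k] for k in FIELDS)
            rec["hash"] = hashlib.sha256(body.encode()).hexdigest()
            checks[group.get("id")] = rec
    return checks

def diff_checks(old, new):
    """Classify group ids as added, removed, or modified between two releases."""
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(g for g in old.keys() & new.keys() if old[g]["hash"] != new[g]["hash"]),
    }
```

Comparing `parse_checks(OLD)` with `parse_checks(NEW)` reports V-3 as added and V-1 as modified; V-2 is unchanged because only its rule revision differs.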

Built By

STIGhub is built and maintained by Beacon Cloud Solutions, Inc. — a cloud-native software company specializing in security compliance tooling for the Department of Defense.