The purpose of the SRG/STIG Applicability Guide and Collection Tool is to
assist the SRG/STIG user community in determining what SRGs and/or STIGs apply
to a particular situation or Information System (IS) and to create a fully
formatted document containing a “Collection” of SRGs and STIGs applicable to the
situation being addressed.
The ISs or situations covered include a Base/Camp/Post/or Station (B/C/P/S),
facility, Program /Service/major application, enclave, network, system, device,
or vendor’s product.
The document consists of two main parts, the Guide and the
Tool. The Guide is a listing of all SRGs and STIGs coupled with an
explanation of the scope or coverage of each along with a table of items to
which the SRG/STIG is applicable. The Tool is a structured selection
process which takes the form of a flow chart / decision tree that will guide the
user to the applicable SRG(s) and/or STIG(s) based on user interaction and
decisions. The Collection document is created as the user interacts
with the Tool and selects the applicable SRG(s) and/or STIG(s) to which they
have been guided.
The Collection document can serve as an artifact in the System
Authorization and Risk Management processes.
Complete instructions are included in the SRG/STIG Guide/Tool distribution
package and a Quick Start Introduction & Demonstration Video is
The following additional supporting documents are included in the SRG/STIG
Guide/Tool distribution package:
- * ABOUT - SRG, CCI, STIGs, Checklists, Tools, and Automation which provides
definitions and discussions of the items in the title along with other topics of
- * HOW TO VIEW - SRGs and STIGs which provides information regarding the
various methods for viewing SRGs and STIGs that are published in XCCDF format.
The SRG/STIG Applicability Guide and Collection Tool will be updated
periodically to include the most recent new SRG/STIG releases and sunset
For assistance, please contact firstname.lastname@example.org
NOTICE: The SRG/STIG Applicability Guide and Collection Tool document is being republished with an updated Code Signing Certificate. The instructions for validation can be found in the READ ME FIRST document in the .zip package. The related instructions in the Quick Start Introduction & Demonstration Video have not been updated, but will be at a later date.