-
Notifications
You must be signed in to change notification settings - Fork 127
WhatAreOrganizationalSettings
A PowerSTIG Organizational Setting (often referred to as OrgSettings) is a mechanism used by PowerSTIG DSC composite resources to apply organization‑specific value overrides to DISA STIG rules without disabling those rules.
Organizational settings allow an organization to remain STIG‑compliant while tailoring certain rule values to meet internal policies, operational requirements, or approved risk decisions.
Many DISA STIG rules define allowable ranges or acceptable values instead of a single fixed setting. Examples include:
- Maximum or minimum numeric values
- Enabled vs disabled feature states
- Approved paths, file extensions, or configuration options
If an organization needs a value that differs from the STIG default—but still falls within the approved guidance—Organizational Settings are the correct mechanism to use.
Without Organizational Settings, teams would be forced to either:
- Skip the rule entirely, or
- Modify the STIG content itself (which breaks audit traceability)
Organizational settings are supplied to a PowerSTIG resource through the OrgSettings parameter, either as:
- A PowerShell object (hashtable), or
- A file‑based definition loaded into an object (commonly a
.psd1file)
Each organizational setting is mapped to a short STIG rule ID (V-xxxxx) and provides a value that overrides the default STIG value for that rule.
At compile time, PowerSTIG:
- Loads the STIG data for the specified
Technology,TechnologyVersion, andStigVersion - Merges any provided
OrgSettingsvalues over the default STIG values - Produces a final, deterministic configuration that is enforced by DSC
$MyOrgAdobeSettings = @{
'V-99999' = @{ Value = 'Disabled' }
'V-88888' = @{ Value = 15 }
}
Adobe AdobeBaseline
{
AdobeApp = 'AcrobatReader'
StigVersion = [Version]'2.1'
OrgSettings = $MyOrgAdobeSettings
}-
Stig Coverage (Products PowerSTIG supports)
- Stig Coverage Summary
- Adobe-AcrobatPro-2.1
- Adobe-AcrobatReader-1.6
- Adobe-AcrobatReader-2.1
- DotNetFramework-4-2.6
- DotNetFramework-4-2.7
- FireFox-All-6.6
- FireFox-All-6.7
- Google-Chrome-2.10
- Google-Chrome-2.11
- IISServer-10.0-3.5
- IISServer-10.0-3.6
- IISSite-10.0-2.13
- IISSite-10.0-2.14
- InternetExplorer-11-2.5
- InternetExplorer-11-2.6
- MS-Edge-2.3
- MS-Edge-2.4
- Office-365ProPlus-3.3
- Office-365ProPlus-3.4
- Office-Access2016-1.1
- Office-Access2016-2.1
- Office-Excel2016-1.2
- Office-Excel2016-2.2
- Office-OneNote2016-1.2
- Office-OneNote2016-2.1
- Office-Outlook2016-2.3
- Office-Outlook2016-2.4
- Office-PowerPoint2016-1.1
- Office-PowerPoint2016-2.1
- Office-Publisher2016-1.3
- Office-Publisher2016-2.1
- Office-Skype2016-1.1
- Office-Skype2016-2.1
- Office-System2016-2.4
- Office-System2016-2.5
- Office-Word2016-1.1
- Office-Word2016-2.1
- OracleLinux-8-2.3
- OracleLinux-8-2.4
- OracleLinux-9-1.1
- RHEL-7-3.14
- RHEL-7-3.15
- RHEL-9-2.3
- RHEL-9-2.7
- SqlServer-2016-Instance-3.5
- SqlServer-2016-Instance-3.6
- SqlServer-2022-Instance-1.2
- SqlServer-2022-Instance-1.3
- Ubuntu-18.04-2.14
- Ubuntu-18.04-2.15
- WindowsClient-10-3.5
- WindowsClient-10-3.6
- WindowsClient-11-2.5
- WindowsClient-11-2.6
- WindowsDefender-All-2.6
- WindowsDefender-All-2.7
- WindowsDnsServer-2012R2-2.5
- WindowsDnsServer-2012R2-2.7
- WindowsFirewall-All-2.1
- WindowsFirewall-All-2.2
- WindowsServer-2016-DC-2.10
- WindowsServer-2016-DC-2.9
- WindowsServer-2016-MS-2.10
- WindowsServer-2016-MS-2.9
- WindowsServer-2019-DC-3.6
- WindowsServer-2019-DC-3.7
- WindowsServer-2019-MS-3.6
- WindowsServer-2019-MS-3.7
- WindowsServer-2022-DC-2.6
- WindowsServer-2022-DC-2.7
- WindowsServer-2022-MS-2.6
- WindowsServer-2022-MS-2.7