Building ZTForge, a STIG-Based System Hardening Web App

3 min readOct 27, 2023

Introduction: STIG-Based System Hardening Web App

Help! Help! My photos are missing! Help! Help! The things are popping up everywhere! Help! Help! If you’re in Information Technology, you have heard so many cries for help. With each of these incidents leads to a larger problem. Why are so many of these happening?

Examining the architecture of a system requires a baseline understanding of hardening practices. But, what if it was made easier to implement a hardened system, or network?

Security Technical Implementation Guides (STIGs) are often considered the gold standard for system hardening. This article discusses the development of a web application that will allow system hardening to be automated using STIG benchmarks.

Gantt Chart

Sprints for ZTForge (Zero-Trust Forge)

Sprint 01: Project Planning (Week 1 & 2)

This will form the foundation to define scope, cost, and time. Objectives and resource allocation will pave the way for more sprints.

Sprint 02: Requirements Gathering (Week 2 & 3)

After the roadmap is established, compliance requirements, and STIG and SCAP guidelines will ensure a product backlog.

Sprint 03: Design and Architecture (Week 3 & 4)

  • Front-end Design (Week 3)
  • Back-end Architecture (Week 4)

Macroscopic views for overall design and architecture will keep this user-friendly and robust. Wireframes, and mockups will keep the user interface (UI) looking good. The scalability and security will follow Zero-Trust Architecture principles.

Sprint 04: Core Features Development (Week 5, 6, & 7)

  • User Authentication (Week 5)
  • STIG Category Filters (Week 6)
  • Toggle Switches (Week 7)
  • Real-time Monitoring (Week 7)

Core features for ZTForge development will allow secure user mechanisms, and…