DISA STIG Viewer checklists

DISA's Security Technical Implementation Guide (STIG) is the basis for evaluation of the security of all government applications. The STIG is intended to be used throughout the life cycles of these applications in order to provide security assurance for these applications. Contrast’s compliance reporting can provide a listing of the vulnerabilities found in your application that violate guidelines of multiple STIGs.


An application must have an Assess license to generate a DISA STIG report.


Before DISA STIG reports can be generated, a SuperAdmin user must Enable DISA STIG Checklist reporting for the organization. In the SuperAdmin portal, navigate to Organizations and click an organization to find this option.

Generate a STIG Viewer checklist

STIG Viewer creates custom checklists with multiple STIGs for compliance reporting. You must import your application's checklist to get the DISA STIG report on those vulnerabilities from Contrast.

To generate a STIG Viewer checklist:

  1. Go to the Applications page and select an application.

  2. In the application’s Overview page, click the reporting icon and select Generate STIG Viewer Checklist.

  3. In the dialog that appears, import a STIG Viewer checklist (.ckl) file. This file must be a checklist exported from the STIG Viewer application.

  4. Click Generate to download an updated STIG Viewer checklist (.ckl) file.