Skip to main content

DISA STIG Viewer checklists

DISA's Security Technical Implementation Guide (STIG) is the basis for evaluation of the security of all government applications. The STIG is intended to be used throughout the life cycles of these applications in order to provide security assurance for these applications. Contrast’s compliance reporting can provide a listing of the vulnerabilities found in your application that violate guidelines of multiple STIGs.


An application must have an Assess license to run a DISA STIG report.

Before DISA STIG reports can be run, a SuperAdmin must enable it. Select SuperAdmin in the user menu, then select Organizations in the header. In the window that appears, select the box to Enable DISA STIG Checklist reporting and select Save.

STIG Viewer creates custom checklists with multiple STIGs for compliance reporting. You must import your application's checklist to get the DISA STIG report on those vulnerabilities from Contrast.

To run a STIG Viewer checklist:

  1. Go to the Applications page and select an application.

  2. In the application’s Overview page, click the reporting icon and select Generate STIG Viewer Checklist.

  3. In the window that appears, import a STIG Viewer checklist (.ckl) file. This file must be a checklist exported from the STIG Viewer application.

  4. Click Generate to download an updated STIG Viewer checklist (.ckl) file.