STIG Security Hardening Checklist Pro — RMF Edition (NIST 800-53 Rev 5)
Working toward an ATO — or keeping one alive through continuous monitoring? Your systems must be hardened to NIST 800-53, and your assessor and AO will want evidence. This tool walks your team through every STIG control, maps each finding to the correct 800-53 Rev 5 control, captures your evidence notes, and generates a clean, professional report you can fold straight into your System Security Plan and RMF package.
What it does
A DoD-grade hardening and assessment tool that walks you control-by-control through STIG security requirements, maps every finding to its NIST 800-53 Rev 5 control, and produces ATO-ready evidence — all in a single offline HTML file. Five finding statuses, copy-paste PowerShell fix scripts, evidence notes, and a professional compliance report you can fold straight into your RMF package. No install, no internet, no subscription.
Systems covered
- Windows 10/11 workstations
- Windows Server
- Network devices (routers & switches)
- Organizational & physical controls — patch/vulnerability management, backup & recovery, physical security, and security awareness/policy
Tag every asset by environment — Production, Dev, Test, DMZ, NIPRNet, SIPRNet, Classified/Unclassified — so your evidence reflects your actual authorization boundary.
Who this is for
ISSMs, ISSOs, system administrators, and assessors working toward an Authority to Operate (ATO) — or sustaining one through continuous monitoring — in federal agencies, on government networks, or any organization that uses NIST 800-53 Rev 5 as its control baseline. (Pursuing CMMC instead? Grab the CMMC Edition.)
How it works
- Enter your asset details to scope the assessment.
- Expand any category and review each STIG control.
- Assign a finding status (compliant, open, not applicable, and more).
- Click Fix Script for a copy-paste PowerShell remediation command.
- Click NIST 800-53 to see the exact Rev 5 control mapping.
- Add Evidence Notes to document your verification.
- Generate a clean compliance report for your SSP and RMF package.
STIG controls reflect DISA STIG releases current as of Q2 2026 — always verify against the latest releases at cyber.mil before formal submission. This tool supports your RMF process; it does not replace eMASS or the official STIG Viewer for ATO packages.
Built by PeregrinoTech — an ISSM with 15+ years of DoD experience. Every control, every mapping, and every remediation script reflects real-world hardening practice — not theory.
Military Precision. Cyber Defense. Real-World AI.
You will get a single, self-contained HTML file (94 KB) — runs offline in any modern browser, no install required.