Configure data based on Security Technical Information Guide (STIG)

Applies To: Windows PowerShell 5.1


Before you enable Automation State Configuration, we would like you to know that a newer version of DSC is now generally available, managed by a feature of Azure Policy named guest configuration. The guest configuration service combines features of DSC Extension, Azure Automation State Configuration, and the most commonly requested features from customer feedback. Guest configuration also includes hybrid machine support through Arc-enabled servers.

Creating configuration content for the first time can be challenging. In many cases, the goal is to automate configuration of servers following a "baseline" that hopefully aligns to an industry recommendation.


This article refers to a solution that is maintained by the Open Source community. Support is only available in the form of GitHub collaboration, not from Microsoft.

Community project: PowerSTIG

A community project named PowerSTIG aims to resolve this issue by generating DSC content based on public information provided about STIG (Security Technical Implementation Guide),

Dealing with baselines is more complicated than it sounds. Many organizations need to document exceptions to rules and manage that data at scale. PowerSTIG addresses the problem by providing Composite Resources to address each area of the configuration rather than trying to address the entire range of settings in one large file.

Once the configurations have been generated, you can use the DSC Configuration scripts to generate MOF files and upload the MOF files to Azure Automation. Then register your servers from either on-premises or in Azure to pull configurations.

To try out PowerSTIG, visit the PowerShell Gallery and download the solution or click "Project Site" to view the documentation.

Next steps