Every scan result is stored in SQL Server with timestamps. Track when findings were introduced and resolved. Prove compliance progression to managers and auditors with queryable data.
Initial scan establishes a baseline. Subsequent scans update changed findings. Expired findings are automatically detected. Manage findings individually or en masse.
Built-in remediation for Windows registry, audit policy, account policy, user rights, IIS, AD, DNS, Exchange, SQL Server, and Cisco/Juniper CLI. Preview changes before applying.
| Capability | StigSanctum | STIG Viewer + Manual | Custom Scripts | Enterprise SCAP |
|---|---|---|---|---|
| Centralized Storage | SQL Server with history | .cklb files on disk | CSV/text output | Vendor-specific |
| Historical Trending | Tracked over time | Point-in-time | No tracking | Limited delta |
| Incremental Rescans | Changed findings only | Full manual review | Full re-execution | Full scan each time |
| Azure SQL STIGs | Database + MI | No tooling | Rarely implemented | No coverage |
| Remediation | 82% with preview | Manual fixes | One-off scripts | Varies |
| Expert Support | DISA STIG author access | Self-service | Internal only | Vendor support |
Run the PowerShell Installer. Register assets, assign permissions. StigSanctum detects applicable benchmarks.
Execute STIG checks via WinRM or SSH. Each result is stored in SQL Server. Subsequent scans update findings.
View findings in the dashboard or Power BI. Apply automated remediation. Document findings.
Generate CKLB checklists, export documentation, track trends. Quarterly STIG updates take minutes.
StigSanctum was created by a former Microsoft Senior Cloud Solution Architect with 15+ years securing SQL Server environments for Federal customers. The founder is the lead designer of the Azure SQL Managed Instance STIG, a core team member on the Azure SQL Database STIG, and primary contributor to the SQL Server 2016 and 2022 STIGs.