US-Based Small Business

Centralized STIG Scanning, Tracking, and Reporting

Most organizations manage STIG compliance with disconnected tools, manual checklists, and incomplete scripts. StigSanctum replaces the fragmentation with a single database-driven platform. Execute DISA STIG checks across Windows, Linux, SQL Server, Azure SQL, Exchange, and network devices. Track compliance over time, generate checklists and documentation, remediate findings, and be audit-ready every day.

  • 66 STIG benchmarks
  • 5,000 StigIDs
  • Agentless
  • No EXE/MSI installer
  • Air-gap compatible
  • Built by a DISA STIG author

Deployment Model & Supported STIGs

Agentless scanning that uses protocols your network already supports. No installers, no internet.

StigSanctum Repository Architecture

Requirements

  • One Windows management server with PowerShell 5.1
  • SQL Server for centralized compliance data and scan history (Express supported)
  • Standard network connectivity to targets (WinRM, SSH)

Deployment

  • No agents installed on target systems
  • No EXE or MSI installer; deploys via file copy
  • Air-gap / SCIF compatible; no internet required; transfer via approved media
  • Role-based access control for multi-user environments

Capabilities

  • Automated scanning with results stored and tracked over time
  • Built-in remediation with preview before applying changes
  • Browser-based dashboard for findings, trends, and reporting
  • Automated CKLB checklists and system documentation
  • Incremental rescans; never STIG from scratch again

66 STIG Benchmarks

Platform | Benchmarks | Count
Cisco | IOS, IOS-XE, IOS-XR, NX-OS, ACI, ASA, ISE | 24
Juniper | EX Series, SRX Services Gateway, Router | 9
SQL Server | 2016 & 2022 Instance, 2016 & 2022 Database | 4
Azure SQL | Database, Managed Instance | 2
Windows Server | 2019, 2022, 2025, Defender Antivirus, Defender Firewall, DNS | 6
Exchange | 2016 Edge & Mailbox, 2019 Edge & Mailbox | 4
Linux | RHEL 8, RHEL 9, RHEL 10, Ubuntu 22.04, Ubuntu 24.04 | 5
Browsers | Chrome, Edge, Firefox, Internet Explorer 11 | 4
Active Directory | Domain, Forest | 2
IIS | 10.0 Server, Site | 2
Office | 365 ProPlus, Office 2016 | 2
Other | Windows 11, .NET Framework 4.0 | 2

Workflow

Install, scan, track, report. Only update what changes.

1. Deploy & Register

Run the PowerShell GUI to copy the files, install the StigSanctum module, and create the SQL database. Register your assets (servers, instances, databases, Linux hosts, and network devices), or let StigSanctum detect the applicable benchmarks automatically.

2. Scan & Store

Execute STIG checks remotely via WinRM or SSH. Each result maps to a DISA STIG vulnerability and is stored in the SQL database with timestamps. Subsequent scans update only changed findings. Eliminate the repetitive work.

3. Review & Remediate

View findings in the web dashboard or query SQL directly. Apply automated remediation or follow detailed guidance for manual changes. Add comments and set each finding to the proper status, which is exported to the checklists.

4. Export & Report

Generate CKLB checklists for DISA STIG Viewer and eMASS, export system documentation, and track trends over time for management. When quarterly STIG updates release, apply a GUI-based upgrade.

StigSanctum Finding Review

Review findings with full STIG details, remediation guidance, and suggested comments.

Why StigSanctum

One platform replaces STIG Viewer, manual checklists, disjointed scripts, and incomplete scanners

Database-Driven History

Every scan result is stored in SQL Server with timestamps. Track when findings were introduced, when they were resolved, and prove compliance progression to auditors with queryable data instead of static checklists.

Incremental Updates

Your initial scan establishes a baseline. Subsequent scans only update changed findings. Expired findings (approved findings that are no longer valid) are automatically detected. New STIG versions are scanned with updated checks. Updates take minutes.
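The change-only tracking described in the Scan & Store step and in this section can be illustrated with a small finding store. The code below is an added example written for this page, not StigSanctum code, and it assumes nothing about the product's real schema: it uses SQLite so it runs offline (the same two tables map directly onto SQL Server), placeholder STIG IDs, and constructed scan results. It shows the three behaviours the text describes: a baseline scan, a rescan that rewrites and logs only findings whose status changed, and detection of expired findings (an approved finding whose state the rescan no longer confirms).

```python
"""Incremental STIG finding store: a constructed illustration of timestamped,
change-only compliance tracking (added example, not StigSanctum's own code)."""
import sqlite3

# Constructed sample data. STIG IDs are placeholders, not real DISA identifiers.
# Status values follow the DISA checklist vocabulary (Open, NotAFinding, ...).
BASELINE_SCAN = [
    ("SQL01", "STIG-ID-001", "Open"),
    ("SQL01", "STIG-ID-002", "NotAFinding"),
    ("WEB01", "STIG-ID-003", "Open"),
]
RESCAN = [
    ("SQL01", "STIG-ID-001", "NotAFinding"),  # remediated since baseline
    ("SQL01", "STIG-ID-002", "NotAFinding"),  # unchanged
    ("WEB01", "STIG-ID-003", "Open"),         # unchanged
    ("WEB01", "STIG-ID-004", "Open"),         # newly applicable check
]


def open_store():
    """Create the in-memory store: current state plus an append-only history."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE finding (
            asset        TEXT NOT NULL,
            stig_id      TEXT NOT NULL,
            status       TEXT NOT NULL,
            approved     INTEGER NOT NULL DEFAULT 0,  -- reviewer accepted this state
            first_seen   TEXT NOT NULL,
            last_changed TEXT NOT NULL,
            last_scanned TEXT NOT NULL,
            PRIMARY KEY (asset, stig_id)
        );
        CREATE TABLE finding_history (
            asset TEXT, stig_id TEXT, old_status TEXT, new_status TEXT, changed_at TEXT
        );
    """)
    return conn


def ingest_scan(conn, results, scanned_at):
    """Upsert one scan. Only findings whose status differs from the stored state
    are rewritten and logged; unchanged rows just get a fresh last_scanned.
    Returns (changed, expired), both lists of (asset, stig_id)."""
    changed, expired = [], []
    for asset, stig_id, status in results:
        row = conn.execute(
            "SELECT status, approved FROM finding WHERE asset = ? AND stig_id = ?",
            (asset, stig_id)).fetchone()
        if row is None:
            conn.execute(
                "INSERT INTO finding VALUES (?, ?, ?, 0, ?, ?, ?)",
                (asset, stig_id, status, scanned_at, scanned_at, scanned_at))
            old_status = None
        elif row[0] != status:
            # An approved finding whose state changed is expired: the approval
            # no longer describes reality and the finding must be re-reviewed.
            if row[1]:
                expired.append((asset, stig_id))
            conn.execute(
                "UPDATE finding SET status = ?, approved = 0, last_changed = ?, "
                "last_scanned = ? WHERE asset = ? AND stig_id = ?",
                (status, scanned_at, scanned_at, asset, stig_id))
            old_status = row[0]
        else:
            conn.execute(
                "UPDATE finding SET last_scanned = ? WHERE asset = ? AND stig_id = ?",
                (scanned_at, asset, stig_id))
            continue
        conn.execute("INSERT INTO finding_history VALUES (?, ?, ?, ?, ?)",
                     (asset, stig_id, old_status, status, scanned_at))
        changed.append((asset, stig_id))
    conn.commit()
    return changed, expired


def approve_finding(conn, asset, stig_id):
    """Record that a reviewer accepted the current state (e.g. a documented mitigation)."""
    conn.execute("UPDATE finding SET approved = 1 WHERE asset = ? AND stig_id = ?",
                 (asset, stig_id))
    conn.commit()


def open_findings_by_asset(conn):
    """Queryable posture: number of Open findings per asset (assets with none are omitted)."""
    rows = conn.execute(
        "SELECT asset, COUNT(*) FROM finding WHERE status = 'Open' "
        "GROUP BY asset ORDER BY asset").fetchall()
    return dict(rows)


def run_demo():
    """Baseline, approve one Open finding, rescan; timestamps are constructed."""
    conn = open_store()
    baseline_changed, _ = ingest_scan(conn, BASELINE_SCAN, "2024-01-15T09:00:00Z")
    approve_finding(conn, "SQL01", "STIG-ID-001")  # reviewer accepted the Open state
    rescan_changed, expired = ingest_scan(conn, RESCAN, "2024-04-15T09:00:00Z")
    history_rows = conn.execute("SELECT COUNT(*) FROM finding_history").fetchone()[0]
    return {
        "baseline_changed": len(baseline_changed),
        "rescan_changed": len(rescan_changed),
        "expired": expired,
        "history_rows": history_rows,
        "open_by_asset": open_findings_by_asset(conn),
    }


if __name__ == "__main__":
    print(run_demo())
```

On the rescan only two of the four results touch the store: the remediated SQL01 finding (which also expires its earlier approval because the approved state was Open and the check now passes) and the newly applicable WEB01 check. The history table keeps every transition with its timestamp, which is what lets a reviewer answer "when was this introduced" and "when was it resolved" from data rather than from a stack of point-in-time checklists.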

Automated Remediation

Built-in remediation engines for Windows registry, audit policy, account policy, user rights, IIS, Active Directory, DNS, Exchange, SQL Server, and Cisco/Juniper CLI. Preview changes before applying. Automated remediation scripts cover over 80% of StigIDs.

Azure SQL Coverage

The only STIG tool with coverage for both Azure SQL Database and Azure SQL Managed Instance, built by the team that wrote those STIGs for DISA. On-premises and cloud SQL compliance in one place with direct author experience.

Common Alternatives

Capability | StigSanctum | STIG Viewer + .cklb Workflows | Ad-hoc PowerShell Scripts | Vendor SCAP Tools
Centralized Storage | SQL Server with full history | No. Individual .cklb files | No. CSV/text output | Varies by vendor
Historical Trending | Compliance tracked over time | No. Point-in-time only | No built-in tracking | Limited delta reporting
Incremental Rescans | Updates only changed findings | No. Full manual re-evaluation | No. Full re-execution | Full scan each time
SQL Server STIGs | 2016 & 2022, Instance + Database | Manual review of each check | Partial, varies by author | Limited or no coverage
Azure SQL STIGs | Database + Managed Instance | No tooling support | Rarely implemented | No coverage
Automated Remediation | 82% coverage with preview mode | No. Manual fixes only | One-off scripts | Varies
Expert Support | Direct access to DISA STIG author | Self-service | Internal only | Vendor support

Reporting & Analytics

Power BI integration for executive reporting alongside the built-in web dashboard

StigSanctum Executive Summary Report

Executive compliance summary with trends and severity breakdown

StigSanctum Asset Analysis Report

Per-asset compliance breakdown with finding status detail

Built by a STIG Author

StigSanctum was built after years of implementing STIG compliance in DoD environments, working at DISA and Microsoft, where existing tools were fragmented, incomplete, or required assembling multiple disconnected solutions. With over 15 years architecting and securing SQL Server environments for DoD customers, the same problems kept repeating. Teams spent weeks on manual checklists, lost compliance history between reviews, and maintained half-baked scripts. There needed to be a better way.

We didn't just implement STIGs; we helped write them. StigSanctum is built on that direct authorship experience. The scan checks are written by people who defined what the DISA guidance says. We understand the intention behind every check. We've solved these problems before and built the tool to prove it.

DISA STIG Contributions

  • Team lead designer of the Azure SQL Managed Instance STIG
  • Core team member designing the Azure SQL Database STIG
  • Primary contributor and maintainer of the SQL Server 2016 & 2022 STIGs
  • Ongoing advisory role with DISA for SQL STIG revisions

Credentials

  • Former Microsoft Senior Cloud Solution Architect
  • 15+ years securing SQL Server for DoD and Federal
  • Cleared resources available
  • Certifications: CASP+, Security+, Power BI, Azure DBA, Azure AI, Azure Data Science

Licensing

Annual licensing with optional implementation and consulting services

Free Trial (Free Download)

7 curated benchmarks with full scanning capability. Evaluate on your own infrastructure, no commitment required.

  • 7 benchmarks (~170 STIGs)
  • Unlimited assets
  • SQL Server database
  • Web dashboard
  • Historical trending
  • No checklist export
  • No documentation export
  • No remediation

Request Trial
Production Standard (Contact for Pricing)

All 66 benchmarks with CKLB checklist export and documentation generation for production compliance workflows.

  • All 66 STIG benchmarks
  • 50 servers / 50 instances / 250 databases
  • CKLB checklist export
  • Documentation export
  • Web dashboard
  • Historical trending
  • Quarterly STIG updates
  • No automated remediation
  • Email support

Request Quote

Consulting Services

Hands-on guidance from a DISA STIG author with 15+ years of DoD deployment experience

Implementation

Architecture review, installation, configuration, and training to deploy StigSanctum in your environment, including air-gapped and classified networks.

Custom Development

Custom compliance checks and remediation scripts for requirements beyond standard STIGs. Scan organizational policies, local security baselines, or vendor-specific configurations.

Audit Preparation

CCRI, Inspector General, and security audit readiness. Review your compliance posture, address gaps, and verify documentation is audit-ready before the assessors arrive.

Ongoing Support

Quarterly reviews aligned to DISA STIG release cycles, script updates for new benchmarks, and direct access to the developer as your environment evolves.

Replace Manual STIG Reviews with Automated, Trackable Compliance

See the platform running against your own infrastructure. Free consultation, no commitment.

Get Started

Request a trial, schedule a demo, or discuss your STIG compliance requirements