STIGs (Security Technical Implementation Guides) are configuration standards published by the Defense Information Systems Agency (DISA) for the U.S. Department of Defense (DoD). Compliance is mandatory for DoD information systems, and many other federal agencies and contractors adopt them as well. They are very prescriptive and specific: each rule carries a severity (CAT I, II or III), a check procedure and a fix procedure.
CIS Benchmarks are consensus-based best-practice configuration guidelines developed by the Center for Internet Security (CIS). They are produced through a community process involving practitioners from industry, academia and government, and are widely used across sectors, not just government. Recommendations are grouped into profiles (Level 1 for broadly applicable hardening, Level 2 for stricter settings with more operational impact).
A) Both STIGs and CIS Benchmarks cover a wide range of software and systems, including both proprietary and open-source.
B) Both STIGs and CIS Benchmarks are updated regularly to address new vulnerabilities and threats; DISA publishes STIG updates on a quarterly cycle, while CIS revises each Benchmark on its own schedule.
C) Both STIGs and CIS Benchmarks address a broad spectrum of security concerns, including network infrastructure, endpoint protection and application security, rather than a single area.
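Whatever their origin, STIG rules and CIS recommendations reduce to the same checkable shape: an identifier, a title, a specific setting, and the value it must hold. The following checker is an added illustration of that shape and is not DISA or CIS code; it evaluates hypothetical rules (the EXAMPLE-SSH-* identifiers are placeholders, not real STIG or CIS IDs) against a constructed sshd_config. It also handles the edge cases a naive "last value wins" checker gets wrong: sshd honours the first occurrence of a keyword, keywords are case-insensitive, a commented-out directive sets nothing, and directives after a `Match` line are conditional rather than global.

```python
"""Benchmark-style configuration checker (added example, not DISA or CIS code).

Rule identifiers are hypothetical placeholders, not real STIG or CIS IDs.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Rule:
    rule_id: str    # hypothetical identifier
    title: str
    keyword: str    # sshd_config keyword, matched case-insensitively
    expected: str   # required value, compared case-insensitively
    default: str    # value sshd applies when the keyword is absent


RULES = [
    Rule("EXAMPLE-SSH-001", "Disable direct root login over SSH",
         "PermitRootLogin", "no", default="prohibit-password"),
    Rule("EXAMPLE-SSH-002", "Disallow empty passwords",
         "PermitEmptyPasswords", "no", default="no"),
    Rule("EXAMPLE-SSH-003", "Log at VERBOSE level",
         "LogLevel", "VERBOSE", default="INFO"),
]

# Constructed sample config for the demonstration, not taken from a real host.
SAMPLE_CONFIG = """\
# constructed sample sshd_config
Port 22
#PermitRootLogin no
PermitRootLogin yes
LogLevel VERBOSE
PermitRootLogin no
Match User backup
    PermitEmptyPasswords yes
"""


def parse_sshd_config(text: str) -> dict:
    """Return the effective global settings of an sshd_config.

    sshd semantics reproduced here:
      * the FIRST occurrence of a keyword takes effect;
      * keywords are case-insensitive;
      * a line whose first non-blank character is '#' is a comment, so a
        commented-out directive sets nothing;
      * everything after the first 'Match' line is conditional, so it is
        not treated as a global setting.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)   # first occurrence wins
    return settings


def evaluate(rules, config_text: str) -> list:
    """Evaluate each rule against the config; absent keywords use sshd's default."""
    settings = parse_sshd_config(config_text)
    results = []
    for r in rules:
        actual = settings.get(r.keyword.lower(), r.default)
        status = "pass" if actual.lower() == r.expected.lower() else "fail"
        results.append({"id": r.rule_id, "title": r.title,
                        "expected": r.expected, "actual": actual,
                        "status": status})
    return results


def failing_rule_ids(config_text: str) -> list:
    """Convenience helper: identifiers of rules the config does not satisfy."""
    return [r["id"] for r in evaluate(RULES, config_text) if r["status"] == "fail"]


if __name__ == "__main__":
    for r in evaluate(RULES, SAMPLE_CONFIG):
        print(f"{r['id']}  {r['status'].upper():4}  {r['title']} "
              f"(expected {r['expected']!r}, actual {r['actual']!r})")
```

On the sample, EXAMPLE-SSH-001 fails because the first `PermitRootLogin` line says `yes`; the later `PermitRootLogin no` would satisfy a checker that takes the last value but is ignored by sshd. EXAMPLE-SSH-002 passes because the only `PermitEmptyPasswords yes` sits under a `Match` block and does not change the global default.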