Windows STIGS now (sorta) available

[Jonathan Davila]

All,

TLDR; STIG roles are available for Windows 2008 MS and 2012 MS + DC but are in a non-stable state

This was a long time coming and we finally stopped procrastinating on publishing some Windows content.

A bit of back story, a good while ago, myself along with two other Red Hat consultants (James Mighion and Branden Pleines) helped implemented Windows STIGS at California based organization. Indeed, you can say they were indirect sponsors of this role and we did get permission to publish the sanitized form to ansible lockdown. However, they did not need/want to implement 100% of everything that could have been implemented so there are some rules that are missing. This was also only tested using their environment and on vanilla AWS windows images.

Myself and the other lockdown maintainers have fairly busy day-jobs but I finally decided that we might as well release what we have and at least give people a decent starting point.

You can find them at the root repo https://github.com/ansible/ansible-lockdown

All three have WIP/YMMV type disclaimers, and as with all hardening, be careful, review the code, and test progressively. We are certainly happy to have any contributions on these roles.

Happy hardening!

-Jonathan