Documentation
Everything you need to deploy and operate Baseline Authority.
Quick Start Guide
Go from download to full STIG compliance in minutes.
Download the Local Authority Engine
Visit the Downloads page on your internet-connected workstation and download the installer.
Install on your target Windows system
Run the installer. No dependencies required — the engine is fully self-contained.
Download the appropriate Baseline Pack
Choose the .bapack file matching your target platform (e.g., Windows 11 23H2 Standalone STIG V2R2).
Transfer both files to your isolated environment
Transfer the installer and .bapack file into your isolated environment using approved media. Verify SHA-256 hashes after transfer to confirm file integrity (hashes are displayed on the Downloads page).
Launch the engine
Start the Local Authority Engine. It opens a local dashboard in your browser — no network connection needed.
Import your .bapack file
Use the Import function in the dashboard. The engine verifies integrity and loads all rules automatically.
Review and tailor rules to your environment
Browse every STIG rule. Enable, disable, mark as not applicable, or defer rules to match your environment.
Run an audit
Execute a compliance scan against your enabled rules. The dashboard shows pass/fail results for every check.
Review results and apply remediations
Review failures, then apply remediations through the dashboard. All changes are safe and reversible.
Key Concepts
What is a Baseline Pack?
A Baseline Pack (.bapack) is a portable, integrity-verified package containing STIG rules, metadata, and version information for secure transfer into isolated environments.
Full Pack vs Delta Pack
A Full Pack contains every rule for a given STIG release and is used for initial setup or fresh installations. A Delta Pack contains only the rules that changed between two STIG versions — new rules, modified rules, and removed rules. When you import a delta pack, your existing tailoring decisions are automatically preserved for unchanged rules. This eliminates the need to re-review unchanged controls across updates.
Rule States
Every rule in the Local Authority Engine has a state that you control:
Audit vs Remediation
An Audit scans your system without making changes. Remediation applies fixes to bring the system into compliance, with rollback protection.
Compliance Scoring
The compliance score is the percentage of enabled rules that pass audit. Rules marked as disabled, not applicable, manual, or deferred are excluded from the score.
Frequently Asked Questions
Does this require internet?
No. The Local Authority Engine runs entirely offline. No external connections are required.
Does this send data anywhere?
No. All data remains on the local system. There is no telemetry, no external communication, and no data transfer.
What STIGs are supported?
Baseline Authority supports Windows, Windows Server, and select application STIGs, with additional platforms continuously added.
How do I update?
Import a delta pack to apply only new or changed rules. Your previous selections are preserved automatically.
Can I customize which rules apply?
Yes. Every rule can be enabled, disabled, deferred, or marked as not applicable. Your selections persist across updates.