The Platform

A complete platform for managing and enforcing STIG baselines across isolated environments.

From baseline creation to endpoint compliance — built for disconnected and air-gapped systems

Two Components, One Mission

Baseline Authority is built around two core components: a cloud-based pack factory that processes and packages STIG baselines, and a local engine that runs entirely within your secure environment.

Pack Factory

Connected Side

We ingest DISA STIG releases and convert them into structured Baseline Packs (.bapack), complete with normalized rules, metadata, and version tracking.

  • Automated STIG ingestion and parsing
  • Rule normalization and classification
  • Version-aware delta pack generation
  • Integrity-verified .bapack packaging

Local Authority Engine

Disconnected Side

Install the Local Authority Engine inside your environment. Import packs, review rules, run audits, and apply remediations — all locally, with no network dependency.

  • Pack import with integrity verification
  • Per-rule enable, disable, and override controls
  • Real-time compliance auditing
  • Safe, reversible remediation with rollback

Platform Capabilities

Purpose-built features for managing STIG compliance in isolated environments.

Structured Rule Management

Every STIG rule is normalized with structured metadata, severity, check logic, and fix guidance.

Persistent Exceptions

Your decisions carry forward across updates. No rework required.

Delta Updates

Only review what changed. New, modified, and removed rules are clearly flagged.

Registry / Service / Policy Checks

Automated checks across registry, services, audit policies, and system configurations.

PowerShell Remediation Engine

Apply remediations through a controlled, auditable PowerShell engine with rollback support.

Compliance Scoring Dashboard

Real-time compliance scoring with drill-down visibility into rule status and remediation results.

Supported Baselines

Baseline Packs available across operating systems and applications, updated with each DISA STIG release.

Operating Systems

Windows 10, Windows 11, Windows Server

Available

Applications

Defender, Edge, Office 365

Available

Linux

RHEL, Ubuntu, more

Expanding

Additional Platforms

Network, infrastructure, more

Roadmap

All baselines are version-tracked and updated automatically with each STIG release.

What's in a Baseline Pack?

A .bapack file is a portable, self-contained compliance package designed for secure transfer across isolated environments.

Normalized STIG Rules

Every rule is parsed and structured with severity, category, check logic, and remediation guidance.

Structured Metadata

Includes platform, STIG version, release details, and classification for automated workflows.

Version Tracking

Full version lineage enables delta updates and preserves your decisions across releases.

Integrity Hashes

SHA-256 verification ensures pack integrity during transfer.