This post compiles all the information you need to know about the support for DISA STIGs compliance reports, in SolarWinds Network Configuration Manager (NCM). Don’t miss this new DISA STIG posting about LEM: DISA STIG Compliance with Log & Event Manager.


Bookmark it and use it to remember everything about Solarwind’s NCM capabilities in this area. We will update and maintain it moving forward.


Please note that the US Army has granted a Certificate of Networthiness (CoN) to NCM V 6.0. CERT-201109082. CoN has also been granted to NPM, APM, NTA and Engineering Toolset.


Example of a DISA STIG report checking 150 network configurations in a single click!


How to install DISA STIG reports on my NCM?

With NCM 7.x

Just open your NCM 7.x Web interface, go to the Configs tab / Compliance view / Manage Policy Reports.

Go to the "Shared on Thwack" tab and Search for the DISA STIG reports.

Select and Import what you need. More information about the newest refresh, for V8R14 here

[For history tracking purpose only: More information DISA STIG V8R9 Updates about the recent V8R9 update.]


With NCM 6.1

The installation of NCM compliance reports (including DISA STIG) can be done only by the WEB UI of the NPM Integration (this constraint will be removed in the next release of NCM) and requires an Internet access and credential to


If you do not have this integration installed you need to install it before you can import the DISA STIG reports.


If you do not have NPM, you can download for free, an evaluation version of NPM from this page, for the purpose of running the integration module and import the DISA STIG reports.


Once you have NPM and the integration module installed an running:

  1. Navigate to the Configs / Compliance view
  2. Click the Manage Policy Reports
  3. Open the Shared on Thwack tab
  4. Select one or multiple DISA STIG reports (use the Search tool to narrow down the content of the window)
  5. You will be asked for your Thwack credentials
      Looking for more information about the recent V8R9 update? DISA STIG V8R9 Updates



And what if you are not connected to the Internet?

From any workstation that has an Internet access, download the DISA STIGS xml reports from and copy them on a memory stick or any media that allows you to copy them easily on the target NCM computer (that does not have Internet access).

More information about the new package for V8R14 here

[For history tracking purpose only: More information about the recent V8R9 update: DISA STIG V8R9 Updates.]


  1. Navigate to the Configs / Compliance view of the WEB UI of the NCM integration for NPM.
  2. Click the Manage Policy Reports.
  3. From the Manage Reports tab, select Import and select a DISA STIG XML file.
  4. Repeat the last step for all DISA STIG reports you want to import.



Related Thwack postings


Support of the reports

As any Thwack content, the DISA STIG reports are not supported and maintained by Solarwinds.


As NCM users in the Federal Government (and government IT consultants) configure, modify and update the DISA STIG and FISMA compliance reports so they work better in their unique environments, we hope that changes that would be useful to the community would be uploaded and shared on Thwack.



  • The following SolarWinds products are Common Criteria EAL 2 certified by the NIAP: NPM, SAM (APM), IPAM, NTA, IPSLAM, NCM, EOC. Our Validation ID is 10453
  • You can also find Federal Information Security Management Act (FISMA) / NIST reports for NCM 6.1, on (same installation procedure applies)
  • Did you know that Gartner positions NCM in their research “MarketScope for Network Configuration and Change Management”, Deb Curtis, David Williams, 31 March 2010, ID Number: G00175140, as follows:
    • NCM is the most widely deployed of the products meeting Gartner’s criteria for evaluation (except CiscoWorks)
    • NCM is rated in the top tier (Positive / Strong positive) with the “Big-4”
  • A reference to SolarWinds (NPM) in the SIGNAL Online article “Marines Revolutionize Network In Southwest Afghanistan