Downloads of v 2.8:


Last Update:

12 Dec 2018

Package Maintainer(s):

Software Author(s):

  • IASE


security defense harden

STIG Viewer

This is not the latest version of STIG Viewer available.

  • 1
  • 2
  • 3

2.8 | Updated: 12 Dec 2018



Downloads of v 2.8:



Software Author(s):

  • IASE

  • 1
  • 2
  • 3
STIG Viewer 2.8

This is not the latest version of STIG Viewer available.

  • 1
  • 2
  • 3

All Checks are Passing

3 Passing Tests

Validation Testing Passed

Verification Testing Passed


Scan Testing Successful:

No detections found in any package files


To install STIG Viewer, run the following command from the command line or from PowerShell:


To upgrade STIG Viewer, run the following command from the command line or from PowerShell:


To uninstall STIG Viewer, run the following command from the command line or from PowerShell:


NOTE: This applies to both open source and commercial editions of Chocolatey.

1. Ensure you are set for organizational deployment

Please see the organizational deployment guide

  • Open Source or Commercial:
    • Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
    • You can also just download the package and push it to a repository Download

3. Enter your internal repository url

(this should look similar to

4. Choose your deployment method:

choco upgrade stigviewer -y --source="'STEP 3 URL'" [other options]

See options you can pass to upgrade.

See best practices for scripting.

Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.

If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:

choco upgrade stigviewer -y --source="'STEP 3 URL'"

Write-Verbose "Exit code was $exitCode"
$validExitCodes = @(0, 1605, 1614, 1641, 3010)
if ($validExitCodes -contains $exitCode) {
  Exit 0

Exit $exitCode

- name: Ensure stigviewer installed
    name: stigviewer
    state: present
    version: 2.8
    source: STEP 3 URL

See docs at

chocolatey_package 'stigviewer' do
  action    :install
  version  '2.8'
  source   'STEP 3 URL'

See docs at

    Name: stigviewer,
    Version: 2.8,
    Source: STEP 3 URL

Requires Otter Chocolatey Extension. See docs at

cChocoPackageInstaller stigviewer
   Name     = 'stigviewer'
   Ensure   = 'Present'
   Version  = '2.8'
   Source   = 'STEP 3 URL'

Requires cChoco DSC Resource. See docs at

package { 'stigviewer':
  provider => 'chocolatey',
  ensure   => '2.8',
  source   => 'STEP 3 URL',

Requires Puppet Chocolatey Provider module. See docs at

salt '*' chocolatey.install stigviewer version="2.8" source="STEP 3 URL"

See docs at

5. If applicable - Chocolatey configuration/installation

See infrastructure management matrix for Chocolatey configuration elements and examples.

Private CDN cached downloads available for licensed customers. Never experience 404 breakages again! Learn more...

This package was approved by moderator gep13 on 17 Dec 2018.


The DoD/DISA STIG Viewer tool provides the capability to view one or more XCCDF.xml formatted STIGs in an easy to navigate human readable format. It is compatible with STIGs developed and published by DISA for the DoD. The purpose of the STIG Viewer is to provide an intuitive graphical user interface that allows ease of access to the STIG content along with additional search and sort functionality unavailable with the current method of viewing the STIGs using a style sheet in a web browser. STIG Viewer also supports additional functionality.

STIG Viewer features:

  • Multiple STIG files can be open in STIG Viewer at any given time.
  • One or more XCCDF STIG files can be individually loaded.
  • XCCDF STIG files can be extracted from zipped STIG packages.
  • A 'Local Save-point' can be created on a system to store user configuration data and the current set of imported STIGs. This permits the last set of loaded STIGs to be reloaded each time the Viewer is started. The 'Local Save-point' can be deleted from the Viewer's options menu. Only one 'Local Save-point' can be created at a time.
  • Multiple XCCDF STIG files can be simultaneously unzipped and loaded from a .zip file containing one or more folders which contain the zipped STIG packages. STIG Viewer will drill down to find all XCCDF files and load them. A 'Local Save-point' is required for this operation as all XCCDF files are extracted to its local folder.
  • The list of STIG requirements/vulnerabilities can be sorted by STIG ID, Vulnerability ID, or Rule ID
  • All loaded STIG files can be searched or filtered based on one or more keywords. All fields or individual fields can be searched. A filtered list of STIG requirements/vulnerabilities is returned
  • CCI data can be displayed if the CCI reference is contained in the STIG requirements/vulnerabilities
  • Loaded and filtered STIG data can be printed or exported to HTML and RTF file formats for use with other programs (i.e. web browsers and Microsoft Word). The printed/exported data is based on the list of requirements displayed in the center pane of the viewer. The output is formatted as a tables containing each requirement.
  • A manual review checklist can be generated from the currently loaded STIG (or STIGs) or a filtered list. The checklist is generated from all requirements showing in the center pane. This checklist can be used to manually enter review results and notes. The manual review checklist can be saved and reloaded
  • The manual review checklist can be formatted as a short form paper checklist for recording review results. This format can be exported to a file or printed
  • Automated review SCAP XCCDF Results files can be imported into the checklist populating the checklist with the automated results. The manual portion of the review can be completed and added to the automated results.
  • The checklist can be exported in a format that can be imported into VMS.

NOTE: This feature does not work well if a checklist is generated from multiple STIGs. Special handling is required

$tools = Split-Path -Parent $MyInvocation.MyCommand.Definition
$content = Join-Path -Path (Split-Path -Parent $tools) -ChildPath 'content'
$target = Join-Path -Path $content -ChildPath "STIGViewer-2.8.jar"

$shortcutdir = @{$true='CommonPrograms';$false='Programs'}[($PSVersionTable.PSVersion -gt '')]
$shortcut = Join-Path ([System.Environment]::GetFolderPath($shortcutdir)) 'STIG Viewer.lnk'

Install-ChocolateyZipPackage `
    -PackageName $env:ChocolateyPackageName `
    -UnzipLocation $content `
    -Url '' `
    -Checksum '66D4A6EFC863774929D84F4FAAF2F3484BA57607ECFFAA39731FF6547A117B7E' `
    -ChecksumType 'SHA256'

Install-ChocolateyShortcut `
    -ShortcutFilePath $shortcut `
    -TargetPath $target
$shortcutdir = @{$true='CommonPrograms';$false='Programs'}[($PSVersionTable.PSVersion -gt '')]
$shortcut = Join-Path ([System.Environment]::GetFolderPath($shortcutdir)) 'STIG Viewer.lnk'

Remove-Item -Path $shortcut -Force | Out-Null

Log in or click on link to see number of positives.

In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).

Chocolatey Pro provides runtime protection from possible malware.

Version Downloads Last Updated Status
STIG Viewer 2.14 113 Wednesday, April 28, 2021 Approved
STIG Viewer 2.8 517 Wednesday, December 12, 2018 Approved
Discussion for the STIG Viewer Package

Ground Rules:

  • This discussion is only about STIG Viewer and the STIG Viewer package. If you have feedback for Chocolatey, please contact the Google Group.
  • This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
  • The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
  • Tell us what you love about the package or STIG Viewer, or tell us what needs improvement.
  • Share your experiences with the package, or extra configuration or gotchas that you've found.
  • If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.
comments powered by Disqus