The complete STIG assessment
workbench

A standalone desktop app for macOS, Windows, and Linux. View, assess, and export DISA STIG checklists — no Java, no VS Code required.

Download 14-Day Trial Buy Pro — $12/mo
macOS · Windows · Linux
New in 0.1
STIG Version Upgrade Wizard

DISA releases updated STIGs regularly. Manually re-triaging every rule from scratch takes hours — and risks losing prior work when rules are rewritten or renumbered.

The Upgrade Wizard carries your completed findings forward to a new STIG version automatically. It identifies which rules changed, which are new, which were removed, and flags anything that needs re-review before you sign off.

1
Select source & target

Pick your completed checklist and the new STIG version (XCCDF benchmark or blank CKLB).

2
Review the analysis

See exactly what carried cleanly, what changed, what’s new, and what was removed — before touching a file.

3
Configure options

Choose whether to reset changed rules, add upgrade notes to comments, and generate a markdown diff report.

4
Execute

The upgraded checklist and optional report are written to disk. Your source file is never modified.

Features
Everything you need for STIG assessments
From importing benchmarks to exporting evidence packages, STIG Workbench handles the full assessment lifecycle.

14-Day Trial

$0 no card required
Full access for 14 days · then buy Pro or keep using the free core
  • Full checklist viewer & editor
  • Import XCCDF benchmarks
  • Import legacy CKL files
  • Export to CKL & CSV
  • SCAP results import
  • Inline editing with auto-save
  • Status filtering & free-text search
  • Column sorting & bulk actions
  • Target data editing
  • Works offline — all local processing
Download 14-Day Trial
Popular

Pro

$12 /month
or $100/year per seat · Instant license key delivery
  • Everything in the free core, plus:
  • STIG Version Upgrade Wizard
  • SARIF import with CWE-to-STIG mapping
  • Repo security scanner
  • Dependency audit import (npm/pip)
  • Multi-checklist dashboard
  • Merge / carry forward findings
  • Diff two checklists
  • POA&M export
  • Evidence package builder
  • Finding detail templates
Buy Pro — $100/yr $12/month
How It Works
From download to evidence in four steps
No Java runtime. No VS Code. Just install and open your first checklist.

Download

Download the 14-day trial for your OS and install it. Double-click any .cklb file and it opens automatically.

Import STIG

Import an XCCDF benchmark from public.cyber.mil to generate a blank checklist, or open an existing CKL or CKLB.

Assess & Automate

Import SARIF, SCAP results, or dependency audits to auto-populate findings. Use the built-in repo scanner for additional checks.

Export Evidence

Export CKL for eMASS, CSV for briefings, POA&M for remediation tracking, or a full evidence package ZIP.

Built for Assessors
Replace the legacy Java STIG Viewer

DISA’s STIG Viewer is a standalone Java app from another era — slow to launch, limited in features, and disconnected from the rest of your workflow. STIG Workbench is a modern native desktop application that handles the full assessment lifecycle in one place.

Work through rules with keyboard shortcuts, triage with inline dropdowns, carry findings forward when STIG versions update, and export everything your ATO package needs.

Native Desktop App

Runs on macOS, Windows, and Linux. No Java, no VS Code, no browser. Opens .cklb files by default.

SAST-to-STIG Automation

Map CodeQL, Semgrep, and Bandit findings directly to STIG rules via CWE IDs. Stop copy-pasting.

STIG Upgrade Wizard

Carry completed findings to a new STIG version automatically. Change detection flags only what needs re-review.

Download
Start your 14-day trial
Full Pro access, no credit card required. Buy a license when you’re ready.

macOS

.dmg · macOS 11+
Download for Mac

Windows

.exe · Windows 10+
Download for Windows
🐧

Linux

.AppImage · Ubuntu 20.04+
Download for Linux
All three platforms included in a single Pro license.