Defense Information Systems Agency (DISA), Application Security and Development (ASD), and Security Technical Implementation Guides (STIG) is a set of guidelines for securing desktop and enterprise applications used by the Department of Defense.
The guidelines cover in-house application development and the evaluation of third-party applications. They don’t cover commercial off-the-shelf software.