The NSA's STIGs are a useful resource. If you want the higher-level policies they come from, NIST[0] is one candidate.
If you want documents around the same level of specificity as the STIGs, you'll probably need a non-governmental source. Arch Linux and Nginx are not EAL certified[1] at any level, so the US Government isn't even going to try to secure them.
If you want documents around the same level of specificity as the STIGs, you'll probably need a non-governmental source. Arch Linux and Nginx are not EAL certified[1] at any level, so the US Government isn't even going to try to secure them.
[0] http://csrc.nist.gov/publications/PubsITLSB.html
[1] http://en.wikipedia.org/wiki/Common_Criteria