CIS Archives – SteelCloud

Category: CIS

27 Mar 2018
alt="STIG RMF DevOps Image"title="picture RMF DevOps Policy Cycle"/>

SteelCloud Creates STIG Compliance DevOps Lab in the Microsoft Azure Cloud

SteelCloud Creates STIG Compliance DevOps Lab in the Microsoft Azure Cloud

IA CLOUD Supports Rapid, Large-scale Government Security Simulation and Testing

Ashburn, Virginia – March 27, 2018 — SteelCloud LLC announced today that it has selected Microsoft’s Azure cloud to implement its new DevOps Lab for large-scale STIG remediation testing.  SteelCloud’s IA CLOUD facilitates both internal product and external customer testing and validation.  IA CLOUD replicates typical customer environments including operating systems, applications, routers/switches, subnets, firewalls, and domain controllers.

SteelCloud’s ConfigOS software will be integrated across IA CLOUD to support a wide range of STIG remediation and compliance use cases.  A partial list of components implemented in IA CLOUD includes Windows 7/8/10, Windows Server 2008/2012/2016, Domain Controller 2012/2016, SQL Server, IIS, Microsoft Office, IE, Chrome, Red Hat 6/7, SUSE, Ubuntu, Oracle Linux, and Apache.  Additional third-party tools will include STIG Viewer, Security Compliance Checker, Vulnerator, and Nessus.  Approximately 6,000 STIG controls will be automated in the Microsoft Azure IA CLOUD Azure DevOps environment.

“We developed IA CLOUD to provide an easily accessible environment for agile STIG testing and validation,” said Brian Hajost, SteelCloud President and CEO.  “We recognize that having our customers replicate large on-premise test environments, incorporating all of the operating systems necessary, can be cost prohibitive and time consuming.  Our new Azure DevOps environment allows us to quickly set up a large scale, heterogeneous, sand-box environment for customers to collect real-world results from piloting automated STIG remediation and compliance.”

SteelCloud’s IA CLOUD will be available in April with the release of ConfigOS Command Center.  Command Center combines advance capabilities and workflow with the proven ConfigOS policy remediation engine.  The Microsoft Azure IA CLOUD will accommodate a wide range of use cases encompassing a handful to over a thousand systems.

About ConfigOS

ConfigOS is currently implemented in classified and unclassified environments, tactical programs, disconnected labs, and the commercial cloud.  ConfigOS is client-less technology, requiring no software agents.  ConfigOS scans endpoint systems and remediates hundreds of STIG controls in under 90 seconds.  Automated remediation rollback, as well as comprehensive compliance reporting and STIG Viewer XCCDF output, are provided.  ConfigOS was designed to harden every CAT 1/2/3 STIG control around an application baseline in about 60 minutes – typically eliminating weeks or months from the RMF accreditation timeline.  ConfigOS automates the incorporation of documented policy waivers to help ensure flawless automated STIG remediation and compliance reporting.  ConfigOS content includes over 10,000 STIG and CIS controls.  New functionality in the latest release includes a JSON file results archive and a patent-pending Active Directory GPO conflicts tracking capability.

About SteelCloud

SteelCloud develops STIG and CIS compliance software for government customers and those technology providers that support government.  Our products automate policy and security remediation by reducing the complexity, effort, and expense of meeting government security mandates.  SteelCloud has delivered security policy-compliant solutions to military components around the world which simplify implementation and ongoing security and mission support.  SteelCloud products are easy to license through our GSA Schedule 70 contract.   SteelCloud can be reached at (703) 674-5500.  Additional information is available at or by email at

12 Mar 2018
alt="CIS Compliance Benchmarks" title="Picture CIS logo"

Automated STIG & CIS Remediation for Policy Compliance

SteelCloud – Automated STIG & CIS Remediation for Policy Compliance

Automated STIG Remediation – SteelCloud brings a unique IA perspective to our customers and partners. We have years of experience in manually hardening systems creating the foundation for developing exciting new patented technologies for automating STIG and CIS remediation. We develop and deliver the most complete and productive tools for policy compliance. Our patented ConfigOS software technology is a complete solution to quickly establish a STIG and or CIS compliant environment.
We have implemented policy-compliant solutions in each of the DoD Services, and in major DoD and Civilian agencies – both in the U.S. and around the world. SteelCloud was instrumental in hardening one of the first DoD applications to get an ATO in the Amazon AWS commercial cloud. As with all of our initiatives, we strive to simplify government security mandates. We give our customers back the agility necessary to exceed mission their objectives.
Quickly scan a single endpoint or your entire infrastructure. With SteelCloud’s patented scanning engine, each instance of ConfigOS can scan 3,000-5,000 systems per hour – supporting the requirements of even the largest infrastructures.
Remediate STIG or CIS security controls using your own customized policies. Each instance of ConfigOS can remediate 500-3000 systems per hour and can meet your performance requirements with each additional instance. With ConfigOS, you will have the speed to remediate every endpoint every day – ensuring that security drift becomes a thing of the past.
Automatic consolidated compliance reporting makes it easy to see your current compliance standings. These reports are provided in an organized, easy-to-understand format. Customize and filter your results with our built-in tools, and or load our automatic XCCDF output directly into STIGViewer.
ConfigOS is a complete solution offering scanning, STIG remediation, CIS remediation, reporting, and external interfaces to other tools.  ConfigOS incorporates both policy content and policy remediation automation for Windows Workstation, Windows Server, and Linux.  Most importantly, ConfigOS was designed to allow a user to easily adjust policies to address waivers and comply with unique requirements.
The ConfigOS software has been used in every possible IT infrastructure including classified, tactical, cloud, and weapon system environments.  Our customers include eight out of the top ten federal integrators, major civilian and intelligence agencies, and technology vendors that want to deliver the STIG and CIS-compliant solutions to their customers.  No matter whether you have a handful of systems or thousands of endpoints, ConfigOS is a perfect system to automate your compliance requirements.
01 Dec 2017
alt="CIS Compliance Benchmarks" title="Picture CIS logo"

SteelCloud Expands Commitment to the CIS Compliance Benchmarks – Becomes a CIS SecureSuite Member

Ashburn, Virginia – August 23, 2017 — SteelCloud LLC announced today that it has become a CIS
SecureSuite member
. Through this membership, the company is further bolstering its
cybersecurity defense for CIS compliance coverage by adding comprehensive CIS (Center for Internet Security)
content to its existing automated STIG remediation capabilities. SteelCloud leverages the CIS Compliance
Benchmarks, which are a consensus-based, internationally recognized security configuration
resources developed by experts around the world to enhance its patented policy remediation
technology, ConfigOS, to meet the needs of the growing corporate and government markets.

“We are pleased to expand SteelCloud’s commitment to CIS through our new CIS SecureSuite
membership,” said Brian Hajost, SteelCloud President and CEO. “CIS Benchmarks are important
industry-accepted system hardening standards used by organizations in meeting compliance
requirements for FISMA, PCI, HIPAA, and other security mandates. With ConfigOS, we are
delivering the most comprehensive solution for automating the remediation of system policy to
the newest CIS standards.”

“We are excited to welcome SteelCloud as a CIS SecureSuite member, and look forward to
collaborating with them to help enhance their cybersecurity posture,” said Curtis Dukes, Executive
V.P. and G.M., CIS Security Best Practices & Automation.

ConfigOS is currently implemented in enterprise environments, classified and tactical programs,
agile labs, and the AWS commercial cloud. ConfigOS is client-less technology, requiring no
software agents. ConfigOS scans endpoint systems for hundreds of CIS controls in under 60
seconds and then remediates the endpoints in under 90 seconds. Automated remediation rollback
as well as comprehensive compliance reporting are provided. ConfigOS was designed to harden
every CIS control around an application baseline in 60 minutes – typically eliminating weeks or
months from the accreditation timeline. ConfigOS automates the incorporation of documented
policy waivers to ensure flawless automated CIS remediation and compliance reporting.
ConfigOS addresses Microsoft Windows 7/8/10 and Windows Server 2008/2012/2016 along with
Red Hat Enterprise Linux 5/6/7 and CENTOS Linux.

To receive more information on ConfigOS, please contact SteelCloud at
Video demonstrations of ConfigOS Windows and Linux remediation are available on the
Company’s website,, under the “Demos” tab.