Category: STIG Remediation

27 Mar 2018

SteelCloud Creates STIG Compliance DevOps Lab in the Microsoft Azure Cloud

IA CLOUD Supports Rapid, Large-scale Government Security Simulation and Testing

Ashburn, Virginia – March 27, 2018 — SteelCloud LLC announced today that it has selected Microsoft’s Azure cloud to implement its new DevOps Lab for large-scale STIG remediation testing.  SteelCloud’s IA CLOUD facilitates both internal product and external customer testing and validation.  IA CLOUD replicates typical customer environments including operating systems, applications, routers/switches, subnets, firewalls, and domain controllers.

SteelCloud’s ConfigOS software will be integrated across IA CLOUD to support a wide range of STIG remediation and compliance use cases.  A partial list of components implemented in IA CLOUD includes Windows 7/8/10, Windows Server 2008/2012/2016, Domain Controller 2012/2016, SQL Server, IIS, Microsoft Office, IE, Chrome, Red Hat 6/7, SUSE, Ubuntu, Oracle Linux, and Apache.  Additional third-party tools will include STIG Viewer, Security Compliance Checker, Vulnerator, and Nessus.  Approximately 6,000 STIG controls will be automated in the Microsoft Azure IA CLOUD Azure DevOps environment.

“We developed IA CLOUD to provide an easily accessible environment for agile STIG testing and validation,” said Brian Hajost, SteelCloud President and CEO.  “We recognize that having our customers replicate large on-premise test environments, incorporating all of the operating systems necessary, can be cost prohibitive and time consuming.  Our new Azure DevOps environment allows us to quickly set up a large scale, heterogeneous, sand-box environment for customers to collect real-world results from piloting automated STIG remediation and compliance.”

SteelCloud’s IA CLOUD will be available in April with the release of ConfigOS Command Center.  Command Center combines advanced capabilities and workflow with the proven ConfigOS policy remediation engine.  The Microsoft Azure IA CLOUD will accommodate a wide range of use cases encompassing a handful to over a thousand systems.

About ConfigOS

ConfigOS is currently implemented in classified and unclassified environments, tactical programs, disconnected labs, and the commercial cloud.  ConfigOS is client-less technology, requiring no software agents.  ConfigOS scans endpoint systems and remediates hundreds of STIG controls in under 90 seconds.  Automated remediation rollback, as well as comprehensive compliance reporting and STIG Viewer XCCDF output, are provided.  ConfigOS was designed to harden every CAT 1/2/3 STIG control around an application baseline in about 60 minutes – typically eliminating weeks or months from the RMF accreditation timeline.  ConfigOS automates the incorporation of documented policy waivers to help ensure flawless automated STIG remediation and compliance reporting.  ConfigOS content includes over 10,000 STIG and CIS controls.  New functionality in the latest release includes a JSON file results archive and a patent-pending Active Directory GPO conflicts tracking capability.

About SteelCloud

SteelCloud develops STIG and CIS compliance software for government customers and those technology providers that support government.  Our products automate policy and security remediation by reducing the complexity, effort, and expense of meeting government security mandates.  SteelCloud has delivered security policy-compliant solutions to military components around the world which simplify implementation and ongoing security and mission support.  SteelCloud products are easy to license through our GSA Schedule 70 contract.   SteelCloud can be reached at (703) 674-5500.  Additional information is available at www.steelcloud.com or by email at info@steelcloud.com.

12 Mar 2018

Automated STIG & CIS Remediation for Policy Compliance

Automated STIG Remediation – SteelCloud brings a unique IA perspective to our customers and partners. We have years of experience in manually hardening systems, creating the foundation for developing exciting new patented technologies for automating STIG and CIS remediation. We develop and deliver the most complete and productive tools for policy compliance. Our patented ConfigOS software technology is a complete solution to quickly establish a STIG and/or CIS-compliant environment.

We have implemented policy-compliant solutions in each of the DoD Services, and in major DoD and Civilian agencies – both in the U.S. and around the world. SteelCloud was instrumental in hardening one of the first DoD applications to get an ATO in the Amazon AWS commercial cloud. As with all of our initiatives, we strive to simplify government security mandates. We give our customers back the agility necessary to exceed their mission objectives.

Quickly scan a single endpoint or your entire infrastructure. With SteelCloud’s patented scanning engine, each instance of ConfigOS can scan 3,000-5,000 systems per hour – supporting the requirements of even the largest infrastructures.

Remediate STIG or CIS security controls using your own customized policies. Each instance of ConfigOS can remediate 500-3,000 systems per hour and can meet your performance requirements with each additional instance. With ConfigOS, you will have the speed to remediate every endpoint every day – ensuring that security drift becomes a thing of the past.

Automatic consolidated compliance reporting makes it easy to see your current compliance standings. These reports are provided in an organized, easy-to-understand format. Customize and filter your results with our built-in tools, and/or load our automatic XCCDF output directly into STIG Viewer.

ConfigOS is a complete solution offering scanning, STIG remediation, CIS remediation, reporting, and external interfaces to other tools.  ConfigOS incorporates both policy content and policy remediation automation for Windows Workstation, Windows Server, and Linux.  Most importantly, ConfigOS was designed to allow a user to easily adjust policies to address waivers and comply with unique requirements.

The ConfigOS software has been used in every possible IT infrastructure including classified, tactical, cloud, and weapon system environments.  Our customers include eight out of the top ten federal integrators, major civilian and intelligence agencies, and technology vendors that want to deliver STIG- and CIS-compliant solutions to their customers.  No matter whether you have a handful of systems or thousands of endpoints, ConfigOS is a perfect system to automate your compliance requirements.

01 Dec 2017

SteelCloud Expands Commitment to the CIS Compliance Benchmarks – Becomes a CIS SecureSuite Member

Ashburn, Virginia – August 23, 2017 — SteelCloud LLC announced today that it has become a CIS SecureSuite member. Through this membership, the company is further bolstering its cybersecurity defense for CIS compliance coverage by adding comprehensive CIS (Center for Internet Security) content to its existing automated STIG remediation capabilities. SteelCloud leverages the CIS Compliance Benchmarks, which are consensus-based, internationally recognized security configuration resources developed by experts around the world, to enhance its patented policy remediation technology, ConfigOS, to meet the needs of the growing corporate and government markets.

“We are pleased to expand SteelCloud’s commitment to CIS through our new CIS SecureSuite
membership,” said Brian Hajost, SteelCloud President and CEO. “CIS Benchmarks are important
industry-accepted system hardening standards used by organizations in meeting compliance
requirements for FISMA, PCI, HIPAA, and other security mandates. With ConfigOS, we are
delivering the most comprehensive solution for automating the remediation of system policy to
the newest CIS standards.”

“We are excited to welcome SteelCloud as a CIS SecureSuite member, and look forward to
collaborating with them to help enhance their cybersecurity posture,” said Curtis Dukes, Executive
V.P. and G.M., CIS Security Best Practices & Automation.

ConfigOS is currently implemented in enterprise environments, classified and tactical programs,
agile labs, and the AWS commercial cloud. ConfigOS is client-less technology, requiring no
software agents. ConfigOS scans endpoint systems for hundreds of CIS controls in under 60
seconds and then remediates the endpoints in under 90 seconds. Automated remediation rollback
as well as comprehensive compliance reporting are provided. ConfigOS was designed to harden
every CIS control around an application baseline in 60 minutes – typically eliminating weeks or
months from the accreditation timeline. ConfigOS automates the incorporation of documented
policy waivers to ensure flawless automated CIS remediation and compliance reporting.
ConfigOS addresses Microsoft Windows 7/8/10 and Windows Server 2008/2012/2016 along with
Red Hat Enterprise Linux 5/6/7 and CentOS Linux.

To receive more information on ConfigOS, please contact SteelCloud at info@steelcloud.com.
Video demonstrations of ConfigOS Windows and Linux remediation are available on the
Company’s website, www.steelcloud.com, under the “Demos” tab.

29 Nov 2017

What Makes ConfigOS RMF Accreditation So Successful?

ConfigOS – Rock Solid, Simple Risk Management Framework Accreditation and STIG Compliance!
ConfigOS is an easy-to-use software environment for creating, implementing, and remediating security policy, such as the DISA STIG and the CIS benchmarks.
Risk Management Framework (RMF) requires that systems be hardened to standard STIG or CIS benchmarks to meet RMF Accreditation.

FastPath Policy Authoring – Accelerates RMF accreditation by hardening policy controls around an application environment in 60 minutes. ConfigOS is a flexible Policy Signature authoring system designed to quickly and easily create, tune and extend STIG policy controls. Each user can quickly meet the requirements of any application environment. Our software creates policies for secure baselines and manages STIG support for the entire STIG and application lifecycle, from pre-production RMF and ATO through the move to STIG and application production remediation. Now each customer can harden every CAT I/II/III control around an application in typically less than 60 minutes with combined ConfigOS and FastPath software. Traditionally it takes days, weeks, and often months to do this manually. ConfigOS even has remediation rollback and special functionality to “bake” STIG POAM waivers into its remediation process.

High Performance Scanning and Automated Remediation – The fastest, most complete STIG scanner available. It is the “easy button” for automated STIG remediation. ConfigOS STIG 360 manages the complete STIG lifecycle of an application environment. Our breakthrough technology automatically “fixes” STIG policy non-compliances for Windows and Linux systems. ConfigOS can scan 3,000 to 5,000 endpoints per hour and remediate 1,000 to 3,000 endpoints per hour from a single instance. Add additional instances of ConfigOS and increase capacity even more. SteelCloud provides tested, documented content for STIG compliance.

Comprehensive Compliance Reporting – ConfigOS offers easy-to-use XML compliance reporting. Our software solution provides comprehensive enterprise and individual endpoint XML-based compliance reporting. Additionally, ConfigOS produces XCCDF output for easy integration with STIG Viewer.

Government Use Cases – ConfigOS currently operates in environments that are physical and virtualized; connected and disconnected; private, cloud, and tactical; unclassified and classified; and DoD, Federal Civilian, and vendor.
ConfigOS is agent-less and does not require changes to endpoint application stacks or adding infrastructure. It requires no internet access; no web, database, and/or license servers; no domain controllers or changes in Active Directory; and no STIG waivers. ConfigOS effectively operates in both large and small networks, classified environments, labs, disconnected networks, tactical environments, and FedRAMP clouds.

ConfigOS is easy to buy – Available on GSA and other BPAs.