Risk Management Framework
The Department of Defense (DoD) introduced the Risk Management Framework (RMF) in 2014 to assist federal agencies to better manage risks associated with operating an information system. Federal agencies must now follow assessment standards established by the National Institute of Standards and Technology (NIST). RMF requires that systems be hardened to standard STIG or Center for Information Security (CIS) benchmarks. The issue is that applications are typically developed and tested in a non-STIG environment. When they are placed in a STIG hardened environment they fail. These failures are unique to each application stack and sorting them out can take weeks and or months for each application.
ConfigOS has proprietary processes that we call Policy 360. Policy 360 hardens all STIG/CIS controls around an application stack in about 60 minutes. Policy 360 reduces 90% of the initial hardening effort, saving months of the RMF timeline. Additionally, the initial hardening efforts produce a production signature containing documentation of required waivers. With this signature, the customer can replicate hardening efforts anywhere in the world. The signature is also used by ConfigOS to enhance ongoing CDM efforts.