
The Risk Management Framework (RMF) requires that systems be hardened to standard STIG or CIS benchmarks.

According to NIST:

The management of organizational risk is a key element in the organization’s information security program and provides an effective framework for selecting the appropriate security controls for a system…. The Risk Management Framework (RMF) provides a process that integrates security and risk management activities into the system development life cycle.

However, applications are typically developed and tested in non-STIG environments, and they fail when placed in a STIG-hardened environment. These failures are unique to each application stack, and sorting them out can take weeks or months for each application. ConfigOS has proprietary processes that we call Policy 360. Policy 360 hardens all STIG/CIS controls around an application stack in about 60 minutes. Policy 360 reduces the initial hardening effort by 90%, saving months off the RMF timeline for ongoing remediation and accreditation. Additionally, the initial hardening effort produces a production signature containing documentation of required waivers. With this signature, the customer can replicate the hardening effort anywhere in the world. The signature is also used by ConfigOS to enhance ongoing CDM efforts.
