Solving the Challenges of the STIG Compliance Lifecycle
The DoD protects its thousands of networks from cybercrime by aligning with DISA STIG policy, hardening both DoD and partner systems against threat. But while significant advances have been made in the areas of threat definition and vulnerability monitoring, less progress has been made in deploying automation to implement and maintain STIG policy on the millions of systems that support the DoD.
The lack of automation results in slow, costly, and inconsistent implementation of policy. This, in turn, creates vulnerabilities and burdensome maintenance work, not to mention significant expense upwards of hundreds of millions of dollars a year. SteelCloud’s ConfigOS Command Center and ConfigOS MPO are proven, patented and powerful solutions not just for STIG compliance, but for RMF acceleration, too.
Having delivered STIG-compliant automation technologies across each of the Services and many DoD agencies for years, SteelCloud understands the operational issues involved in maintaining the most challenging secure environments. Better yet, we’ve created two solutions that automate the complete compliance lifecycle—one for traditional STIG environments and one for hybrid workforces—and simplify and accelerate the job of hardening controls around application stacks and creating secure baselines.
STIGs break applications.
Best practices dictate a layered approach built on a foundation of configuration, patching, and policy. Additional security measures will not generally compensate for deficiencies in any one of these three foundational areas. Policy is typically the most difficult to implement of the three. STIG policy can often interfere with an application’s operation, especially if the application was not designed, developed, and tested in a STIG-compliant environment. In short, STIGs break applications.
Well written applications should not require waivers, but the reality is that they do. Since waivers can diminish the intended security posture of an environment and are expensive to approve and maintain, it is imperative that STIG policy implementation be as complete as possible.
STIGs and the DoD.
The speed at which you can STIG impacts the speed at which you are able to:
- Accredit and rollout new, more secure technologies. Save months, if not years, with automation.
- Implement security updates to existing applications and operating systems. Save months with automation.
- Apply quarterly STIG updates. Save weeks or months with automation.
The manual approach to STIG compliance is slow and expensive and does not achieve the goal of making the DoD more secure. These days, STIG-related efforts are buried deep within thousands of DoD and program budgets, making it more difficult to appreciate the significant dent that STIG automation can have on the billions of dollars that the DoD spends annually on STIG compliance. With simple, proven tools out there such as ConfigOS, there is no reason the DoD shouldn’t be in full, up-to-date and continual compliance at all times. And they certainly shouldn’t be delaying any security updates or new technologies along the way.
A full lifecycle solution from SteelCloud.
ConfigOS has been implemented across the DoD in classified environments, tactical deployments, air-gapped labs, cloud, and on stand-alone systems. In concept, ConfigOS is very simple. It accomplishes all three of the primary functions needed for STIG compliance:
- Determine the correct STIG controls for an application environment in about an hour
- Document your effort by automatically creating a machine executable XML signature
- Remediate to targeted security standards in a matter of seconds – without system failure or unexpected downtime
What sets ConfigOS apart from other security tools and technologies is the sheer speed and simplicity with which it operates. It reduces the time and effort it takes to harden STIG controls around an application by at least 90% while documenting the process. It reduces costs by at least 70%. It can STIG an entire system in less than an hour (two minutes for MPO). And it typically pays for itself the first time it is used. With the inherent flexibility of ConfigOS, the DoD can now set variable ranges of security policy standards based on application, location, and/or security domain.
Increase your agility and security with the push of a button.
The operational impact of STIG compliance slows the adoption of new security technologies, and slows the installation of critical security updates, operating system service packs, and other endpoint-related security enhancements. ConfigOS can dramatically decrease the negative impact that STIG compliance has on the DoD’s IT agility.
SteelCloud’s patented, revolutionary technology helps the DoD and its mission partners raise security, lower costs, and improve agility. Schedule your free demo today.