SteelCloud Creates STIG Compliance DevOps Lab in the Microsoft Azure Cloud
IA CLOUD Supports Rapid, Large-scale Government Security Simulation and Testing
Ashburn, Virginia – March 27, 2018 — SteelCloud LLC announced today that it has selected Microsoft’s Azure cloud to implement its new DevOps Lab for large-scale STIG remediation testing. SteelCloud’s IA CLOUD facilitates both internal product and external customer testing and validation. IA CLOUD replicates typical customer environments including operating systems, applications, routers/switches, subnets, firewalls, and domain controllers.
SteelCloud’s ConfigOS software will be integrated across IA CLOUD to support a wide range of STIG remediation and compliance use cases. A partial list of components implemented in IA CLOUD includes Windows 7/8/10, Windows Server 2008/2012/2016, Domain Controller 2012/2016, SQL Server, IIS, Microsoft Office, IE, Chrome, Red Hat 6/7, SUSE, Ubuntu, Oracle Linux, and Apache. Additional third-party tools will include STIG Viewer, Security Compliance Checker, Vulnerator, and Nessus. Approximately 6,000 STIG controls will be automated in the Microsoft Azure IA CLOUD Azure DevOps environment.
“We developed IA CLOUD to provide an easily accessible environment for agile STIG testing and validation,” said Brian Hajost, SteelCloud President and CEO. “We recognize that having our customers replicate large on-premise test environments, incorporating all of the operating systems necessary, can be cost prohibitive and time consuming. Our new Azure DevOps environment allows us to quickly set up a large scale, heterogeneous, sand-box environment for customers to collect real-world results from piloting automated STIG remediation and compliance.”
SteelCloud’s IA CLOUD will be available in April with the release of ConfigOS Command Center. Command Center combines advance capabilities and workflow with the proven ConfigOS policy remediation engine. The Microsoft Azure IA CLOUD will accommodate a wide range of use cases encompassing a handful to over a thousand systems.
ConfigOS is currently implemented in classified and unclassified environments, tactical programs, disconnected labs, and the commercial cloud. ConfigOS is client-less technology, requiring no software agents. ConfigOS scans endpoint systems and remediates hundreds of STIG controls in under 90 seconds. Automated remediation rollback, as well as comprehensive compliance reporting and STIG Viewer XCCDF output, are provided. ConfigOS was designed to harden every CAT 1/2/3 STIG control around an application baseline in about 60 minutes – typically eliminating weeks or months from the RMF accreditation timeline. ConfigOS automates the incorporation of documented policy waivers to help ensure flawless automated STIG remediation and compliance reporting. ConfigOS content includes over 10,000 STIG and CIS controls. New functionality in the latest release includes a JSON file results archive and a patent-pending Active Directory GPO conflicts tracking capability.
SteelCloud develops STIG and CIS compliance software for government customers and those technology providers that support government. Our products automate policy and security remediation by reducing the complexity, effort, and expense of meeting government security mandates. SteelCloud has delivered security policy-compliant solutions to military components around the world which simplify implementation and ongoing security and mission support. SteelCloud products are easy to license through our GSA Schedule 70 contract. SteelCloud can be reached at (703) 674-5500. Additional information is available at www.steelcloud.com or by email at firstname.lastname@example.org.