ConfigOS by SteelCloud
Compliance Automation Solution

ConfigOS is a purpose-built domain-independent software application for authoring, remediating, and reporting on STIG (Security Technical Implementation Guide) and CIS (Center for Internet Security) policies.  Due to the complexity of government and commercial networks, we designed a simple solution for implementation that offers a side-benefit of reskilling the existing workforce.  

ConfigOS requires no domain services or agents/clients.  Its content can be used across physical domains to allow for the inheritance of controls across infrastructures and mission partners.  ConfigOS provides for direct STIG Viewer Checklist integration and supports waivers in all of its processes.  ConfigOS allows for the hardening of every CAT 1/2/3 control around an application stack in just 60 minutes compared with weeks for doing the job in a traditional manner.  

Each instance of ConfigOS can harden (fix) thousands of systems per hour.  ConfigOS has special functionality to synchronize with Active Directory.  ConfigOS supports both Windows and Linux environments including applications such Microsoft Office, Internet Explorer, Chrome, IIS, SQL Server, and Apache.  Cisco switch/router/firewall remediation will be delivered in the coming months.  

RMF (Risk Management Framework) acceleration has been the driving theme from our customers, especially over the past 3 years.  As would be expected, ConfigOS generates compliance artifacts that are used today throughout the RMF and ATO (Authorization to Operate) process to deliver content to repositories such as EMASS, XACTA, and Archer.  Both leadership and cyber compliance personnel use ConfigOS reporting.

ConfigOS has been in production within the U.S. federal government for over 5 years, including weapon systems and classified environments.  Further, the top 6 U.S. federal IT integrators use ConfigOS to deliver their government programs and meet mission objectives.

Category: Detection Devices and Systems.

Sponsor: SteelCloud LLC

Developer: SteelCloud LLC

Evaluation Facility: Advanced Data Security, LLC

Evaluation Level: EAL 2 augmented with ALC_FLR.1