search.noResults

search.searching

dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
Page 16


ManageMent www.us- tech.com Accelerating the Pace of Government IT Modernization By Del Williams


by the glacial pace of RMF accredita- tion and the manual processes re- quired to secure any system connect- ed to the outside world from security risks and inherent vulnerabilities. As part of this process, systems


F


must be hardened to standard Secu- rity Technical Implementation Guide (STIG) benchmarks. The STIGs pro- vide configuration specifications for operating systems, database man- agement systems, web servers, and weapon systems used by government agencies. The problem is STIGs are long


and detailed. Often containing hun- dreds of pages, adhering to or up-


or decades, the federal govern- ment has been hamstrung in its efforts to adopt new IT systems


grading software or systems to a par- ticular STIG has been a highly spe- cialized manual process that can take many months to accomplish. In addition to the significant time in- volved, it requires well-trained engi- neers that are skilled in the technical system, operating system policies and security guidance.


Upgrading Government Software


IT modernization projects for


government agencies come in many forms. Information may be consolidat- ed into a single, shared data center or new applications moved to a different infrastructure. Increasingly, due to the government’s Cloud Smart pro- gram, as well as security guidelines


outlined by FedRAMP, modernization projects involve moving to the com- mercial cloud. The advantages for government are moving to a more ag- ile and accessible system that can be accessed anywhere and does not re- quire complex on-premise networks. “Moving to the cloud is sup-


posed to be relatively quick and easy, but addressing system security in the cloud is no faster or easier than it is for an on-premise environment,” explains Brian Hajost, president of SteelCloud and an expert in auto- mated STIG compliance. He says that even considering


the slow pace of it, most still under- estimate the expertise and time re- quired, particularly when moving to the cloud. A shortage of trained per- sonnel impacts the ability to modern- ize, a shortage that is even more acute in classified environments.


STIG Automation Now, there are new STIG au-


tomation tools that can quickly identi- fy any conflicts that an application will run into a hardened environment. Products like SteelCloud’s ConfigOS identify and harden all controls con- sidered a potential security risk. As outlined in the STIGs, risks


Navigating the Challenge of the American Marketplace


Helping international advanced manufacturing companies to accelerate strategic growth in the American market through direct operational management and expert guidance.


Getting Started in the Americas


Restructuring Your American Operation


Managing Your American Operations


Advising Your Board of Directors


Accelerating Growth Through M&A


Wherever you are on your journey to expansion into the American market, we can help. Contact us to discuss how we can grow your business, together.


+1 203 226 8895 sales@allianceamericas.com allianceamericas.com


are categorized into three levels (1/2/3) with Category 1 the most se- vere and having the highest priority. The software then produces a do- main-independent comprehensive policy “signature,” including user-de- fined documentation and STIG policy waivers. In this step alone, weeks or months of manual work can be com- pleted in an hour. The signature and documenta-


tion are included in a secure, encrypt- ed signature that is used to scan end- points, including laptops, desktop PCs and physical/cloud servers, without being installed on any of them. The


Run with us.


There is no better way to reach the Electronic High Tech and Manufacturing


Community than advertising in U.S. Tech.


www.us-tech.com.


time it takes to remediate hundreds of STIG controls on each endpoint is typ- ically under 90 seconds. ConfigOS exe- cutes multiple remediations at a time. The encrypted signature can


then be transported across large and small networks, classified environ- ments, labs, disconnected networks, and tactical environments with con- nected and disconnected endpoints. No other changes are required to the network, security and no software is installed on any endpoint.


“Moving to the cloud is


supposed to be relatively quick and easy, but


addressing system security in the cloud is no faster or easier than it is for an on-premise environment,”


To date, ConfigOS has been li-


censed by just about every branch of the Department of Defense, as well as parts of the DHS, HHS and De- partment of Energy. The product is also used by large defense contrac- tors and in programs for all branches of the military. In addition to resolving issues


proactively at much less cost and time, the software also provides the required documentation for RMF ac- creditation. This can eliminate months from what is typically a 6- to 12-month process to further speed time to production. The STIGs are updated and


evolve as well. With a new update every 90 days, automated STIG re- mediation software accommodates for changes in the requirements. Two business days after DISA publishes a new version of the STIGs, new pro- duction signatures are tested and made available to customers. “New security updates are in-


troduced periodically to account for newly discovered vulnerabilities, as well as changes and updates by the vendors supplying the major operat- ing environment components,” says Hajost. “The greater benefit is that the capacity to modernize is greatly expanded. Modernization shouldn’t be once every 10 years — it should be a continual process. Then once you can modernize more, you get to reap the benefits, which includes greater agility, more consolidated informa- tion, better access to information —


with better security overall.” Contact: SteelCloud, LLC,


20110 Ashbrook Place, Suite 170, Ashburn, VA 20147 % 703-674-5500 E-mail: info@steelcloud.com Web: www.steelcloud.com r


May, 2020


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86  |  Page 87  |  Page 88  |  Page 89  |  Page 90  |  Page 91  |  Page 92  |  Page 93  |  Page 94  |  Page 95  |  Page 96