Blogs

Be the first person to recommend this.
How integrating CKL, eMASS and SIEM with automation is the solution Identifying Targets for eMASS automation There are four significant areas that automation can be applied to provide real advantage to the operationalization of cyber compliance within the DoD. Automate and reduce the effort/errors in merging non-technical CKL data with machine-generated technical data. Automate and simplify the production and input of compliance data into eMASS. Automate and reduce the effort to produce, name, and store fully populated STIG Viewer Checklist in bulk (by the 1,000s). Provide complete CKL data to SIEM data feeds so that complete ...
0 comments
Be the first person to recommend this.
How eMASS Automation Unites the Missing Security Compliance Data eMASS, or the Enterprise Mission Assurance Support Service, was developed by the DoD, in part, as a repository that unites technical/machine data generated from endpoint scans with the human/non-technical data documented by security/IA personnel. Traditionally the “uniting” process is accomplished by completing a STIG Viewer Checklist for each policy for each endpoint. So, picture a 1000 workstation environment could easily generate 10,000 individual checklist files or more. Understanding the STIG Viewer Checklist Problem These checklists are traditionally hand-created by pre-populating ...
0 comments
Be the first person to recommend this.
We are aware of the Log4J zero-day vulnerability that has been recently given the descriptor “Log4Shell”. Log4j, developed by the Apache Software Foundation, is a Java-based logging framework which can be utilized for web and server applications. ConfigOS does not use Log4j and is not susceptible to the “Log4Shell” vulnerability.
0 comments
Be the first person to recommend this.
Hello ConfigOS Customers! DISA released their Quarterly update and there were a variety of changes made to the STIGs. We are pleased to report that Team SteelCloud has responded to this new development and just finished the latest ConfigOS Signatures based on the new changes by DISA. We are also pleased to invite you to join the SteelCloud-Access Community Portal. This new site will be your one-stop-shop for downloading signatures, communicating with other ConfigOS users, and submitting queries directly to our staff and developers. The site can be reached here: https://www.steelcloud-access.com/home . You will need to click ...
0 comments
Be the first person to recommend this.
We have just released version 2.8.1 AND 2.8.2 of Command Center! We wanted to make sure that everyone is aware of the newest features and enhancements that you can expect once you download the latest update! Command Center 2.8.1 - New Features Improved Security A user will not be able to log into Command Center until the ConfigOS Admin has assigned one or more roles. A new user is required to change their password on their first login to access Command Center. Password complexity improved. Passwords require 3 of the following: 1 uppercase letter, 1 lowercase letter, 1 non-cased letter, 1 number, 1 special character, and be at least 12 characters long. ...
5 comments
Be the first person to recommend this.
System drift and how to prevent IT environments from becoming vulnerable. How best to analyze system drift between your application control policy rules and the applications that run in your environment. Depending on the severity of the drift, there could be a significant risk to the organization. Even more troublesome is the fact that security teams can spend tens of hours trying to trace back what happened. So instead, scan your endpoints and detect the deviations in system settings to identify the non-compliant devices in real-time and remediate to reduce security gaps. Today’s cyber hygiene requirements have never been more crucial in advancing the process ...
0 comments
Be the first person to recommend this.
On July 23rd, DISA dropped the latest batch of STIGs. As some of you may have noticed, there was an update to the complete number schema and a new method used for creating RuleIDs included in this update. This is different from the previous numbering changes that occurred last summer/fall. Here’s why this is going to be painful for anyone using scripting as a solution: the numbering change isn’t LOGICAL, making scripts useless. You’ll need to update the numbering manually which is weeks of work on it’s own. Unfortunately, this also applies if the scripts being used have been written to be ingested by STIGViewer or other systems of record. But since you ...
0 comments
Be the first person to recommend this.
Any business can use these best practices established by the Cyberspace Solarium Commission (CSC) Guide The Cyberspace Solarium Commission (CSC) was created by the John S. McCain National Defense Authorization Act for Fiscal Year 2019 to develop a strategic approach to defending the United States against cyberattacks of significant consequences. The CSC recognizes the importance of working with the private sector , which means that all companies need to understand where they fit into the layered cyber deterrence strategies. What are the 3 layers of defense? Before even getting to the three layers of defense, the Cyberspace Solarium Commission (CSC) ...
0 comments
Be the first person to recommend this.
Modern businesses collect data a lot of data. Regardless of your industry, your company relies on PII (Personally Identifiable Information) to provide the best consumer experience possible. This reliance on information makes PII financially valuable. If it didn’t, malicious actors wouldn’t be looking to steal it. Legislative bodies and industry standards recognize this shift. In response, they look to compliance mandates as a way to hold businesses accountable. By hardening systems, you can create a strong foundation for meeting these stringent compliance mandates around protecting PII. What is Personally Identifiable Information? Personally identifiable ...
0 comments
Be the first person to recommend this.
On May 12, 2021, the President issued the Executive Order on Improving the Nation’s Cybersecurity (Executive Order) . Although the Executive Order focuses on Federal Civilian Executive Branch (FCEB) agencies, it also looks to help secure the federal supply chain. Understanding the potential longer-term potential impact that the Executive Order has for commercial entities can help you get a head start on securing your environment. What Commercial Entities Need to Know About the Executive Order Commercial entities may not be entirely exempt from the Executive Order’s requirements. Depending on your company’s industry vertical, you may have stringent requirements ...
0 comments

What are CIS Benchmarks?

Be the first person to recommend this.
What are CIS Benchmarks and Best Practice? Most organizations need to create baseline technical security configurations. However, configuring systems is one thing. Maintaining those security configurations over time is a whole different beast. The Center for Internet Security (CIS) Controls offers companies a way to set a path to maturing their cybersecurity programs as well as technical guidance for establishing and maintaining secure configurations. Who is the Center for Internet Security (CIS)? CIS is a non-profit organization whose mission is to make the connected world safer by “developing, validating, and promoting timely best practice solutions.” ...
0 comments
Be the first person to recommend this.
Understanding how NIST Risk Mitigation Framework and Lower-Level Controls can keep you on track! With lower-level technical controls, companies can create secure, resilient environments. However, they need to continuously monitor these controls and update them for a dynamic security posture. Managing security configurations is complex because updating them runs the risk of introducing problems that did not exist within the previous configuration. Understanding how lower-level controls help a company meet the requirements established in the National Institute of Standards and Technology Risk Mitigation Framework (NIST RMF) while maintaining your environment’s ...
0 comments
Be the first person to recommend this.
Reconsider the value air gapping brings to intellectual property data protection. If you have a machine that is not connected to the internet directly or to any other computers that are connected to the internet, are you truly secure and can it be hacked? Many companies now require that a network or system is secure by isolating it from other computers and or networks. But some attackers can gain physical access to breach them still. In today’s hyperautomated world, organizations connect various environments, applications and databases to one another, creating complex infrastructures. Security professionals discuss the difficulties inherent in securing cloud ...
0 comments
1 person recommends this.
Hello everyone, I was just speaking with one of my engineers today and I came across something I think the entire community could benefit from. Even at SteelCloud sometimes we forget there is an easy button at our fingertips. We have the splitter and we should make regular use of it. Sometimes routine convinces us we know the answer and even though we have this excellent tool we spend time guessing. So as cheesy as it may sound I came up with something to help people remember to split first. It's called ABS, Always Be Splitting. Corny I know, but in the grand scheme of things it will save you so much time. There are so many variables that can cause ...
1 comment

First Time Visitors

Be the first person to recommend this.
First Time Visitors Video
0 comments
Be the first person to recommend this.
At SteelCloud, we are dedicated to high-quality, reliable software and responsive and available customer service. During the COVID 19 crisis, SteelCloud has implemented best practices for social distancing and telework as part of our Continuity of Operations Plan (COOP). Whether working remotely or at our facilities, our development and support staff have all of the tools necessary to provide you with continuous support. You have enough to worry about in this time of uncertainty, and we want you to know that we are prepared for this crisis – no matter how long it lasts. Our team will remain fully engaged and accessible to your needs. Please contact ...
0 comments
Be the first person to recommend this.
0 comments