SteelCloud Software Deployed to Secure Critical OT Infrastructure at Major Energy Company

ASHBURN, Va., March 2, 2022-- SteelCloud LLC, a leading STIG and CIS compliance automation software developer, announced today its ConfigOS technology has been licensed to a major U.S. energy company to secure Operational Technology (OT) assets.

SteelCloud's software will be used to harden OT endpoints using the Center for Internet Security (CIS) industry-standard for system-level controls. The initial implementation will be deployed to support the NIST security framework and will include thousands of process control and SCADA assets. The ConfigOS agent-less architecture provides unique benefits to OT operators because it performs its cyber work without the need to load software on OT assets.

According to Gartner, "attacks on organizations in critical infrastructure sectors have increased dramatically, from less than 10 in 2013 to almost 400 in 2020 — a 3,900% change." Gartner also predicts that by 2025, "30% of critical infrastructure organizations will experience a security breach that will result in the halting of an operations- or mission-critical cyber-physical system."

"With the convergence of IT and OT networks, securing those assets from cyber-attack is more important today than ever," said Curtis Dukes, CIS Executive Vice President and General Manager, Security Best Practices. "SteelCloud's application uses CIS consensus-based Benchmarks to significantly reduce common threats such as malware, insufficient authorization, and remote intrusion."

"With the most recent attacks and the guidance provided by CISA and NIST, critical infrastructure organizations are beginning to increase their focus on improving OT security, said Brian Hajost, SteelCloud Chief Operating Officer. "Companies which have standardized on the high-level NIST framework are looking to implement the proper system-level controls necessary to effect the proper security hardening. The industry-standard CIS Benchmarks define the answer, and our ConfigOS software was chosen to automate these security controls in the most efficient and effective manner possible."

About ConfigOS
SteelCloud's ConfigOS software is currently implemented in hundreds of commercial and government organizations. Use cases for ConfigOS range from business, cloud, SCADA, and weapon systems. ConfigOS scans and remediates hundreds of system-level controls in minutes. Automated remediation rollback as well as comprehensive compliance reporting and SIEM dashboard integration is provided. ConfigOS was designed to harden hundreds of system-level controls around an application stack in about 60 minutes - typically eliminating weeks or months from the RMF accreditation timeline. ConfigOS addresses Microsoft Windows workstation and server operating systems, SQL Server, IIS, IE, Chrome, and all of the Microsoft Office components. The same instance of ConfigOS addresses CISCO network devices, Apache, Red Hat 5/6/7/8, SUSE, CENTOS, Ubuntu, and Oracle Linux. Learn more at

About SteelCloud
SteelCloud develops STIG and CIS compliance software for government and commercial customers. Our products automate policy and security remediation by reducing the complexity, effort, and expense of meeting government security mandates. SteelCloud has delivered security policy-compliant solutions to enterprises worldwide, simplifying implementation and ongoing security and compliance support. SteelCloud products are easy to license through our GSA Schedule 70 contract. SteelCloud can be reached at (703) 674–5500 or [email protected]. Additional information is available at, or contact Jamie Coffey at [email protected].

About CIS
The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on- demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. election offices. To learn more, visit or follow us on Twitter: @CISecurity.