Fortress Information Security

Cyber supply chain risk management platform for critical infrastructure & gov.

Product
GRC
OT Security
Vulnerability Management

Fortress Information Security Description

Fortress Information Security is a cybersecurity company specializing in cyber supply chain risk management (C-SCRM) for critical infrastructure organizations, including utilities and government agencies. The company was founded to address third-party risk management and compliance challenges faced by operators of critical infrastructure.

Fortress offers the Fortress Platform, an integrated solution that combines AI, risk intelligence, and managed services to manage global third-party risks and asset vulnerabilities. Key capabilities include vendor and supplier assessments, software bill of materials (SBOM) and hardware bill of materials (HBOM) analysis, vulnerability management with prioritized remediation guidance, and OT/IT security coverage.

The company serves two primary market segments: commercial enterprises in the energy and utilities sector (including Investor-Owned Utilities) and federal government agencies, including branches such as the U.S. Navy. Fortress Government Solutions, a division of the company, focuses specifically on federal clients and has secured government contracts including IDIQ vehicles. Their approach emphasizes a "do once, share many" model that aims to reduce redundancy across supplier assessments.

The leadership team includes professionals with backgrounds from organizations such as NERC, NSA, CIA, FBI, and DHS, reflecting a focus on both regulatory compliance and national security contexts. The company positions itself as a managed service and platform provider, combining automated tooling with human analyst expertise to conduct deep supplier assessments and support clients in meeting cybersecurity regulatory requirements relevant to critical infrastructure.