I know of several DoD contractors using it in their closed areas with DCSA approval. The fun part is getting the OS and Hypervisor configured to be as close to stig compliant as possible. This requires a good bit of work remapping the controls an settings to whats needed.
