XML 52 R32.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The oil and gas industry, including the mineral and royalty space, has become increasingly dependent on digital technologies to conduct certain activities. Sitio depends on digital technologies to perform many of its services and to process and record financial and operating data. Sitio therefore recognizes the importance of developing, implementing, and maintaining effective cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. We seek to assess, identify and manage cybersecurity risks through the processes described below.
Risk Assessment
We have implemented a multi-layered system designed to protect and monitor data and cybersecurity risk. We also engage third-party consultants to conduct regular assessments of our cybersecurity safeguards. Our internal Information Technology (“IT”) team conducts regular evaluations designed to assess, identify and manage material cybersecurity risks, and we endeavor to update cybersecurity infrastructure, procedures, policies, and education programs in response. We use firewalls and protection software, and we additionally rely on third-party service providers for alerts regarding suspicious activity.
Incident Identification and Response
We have implemented a monitoring and detection system to help identify cybersecurity incidents. In the event of an incident, we intend to follow our incident response plan, which outlines the steps to be followed from incident detection to mitigation, recovery, and notification, including notifying functional areas (e.g., legal), as well as senior leadership and the Board, as appropriate.
Cybersecurity Training and Awareness
All employees are required to receive annual cybersecurity awareness training.
Access Controls
We provide users with access consistent with the principle of least privilege, which requires that users be given no more access than necessary to complete their job functions. We have also implemented a multi-factor authentication process for employees accessing company information.
Encryption and Data Protection
Encryption methods are used to protect sensitive data. This includes the encryption of employee laptops, customer data, financial information, and other confidential data.
We engage third-party consultants in connection with our cybersecurity program. For example, we have engaged an independent consultant to not only perform certain testing but to also provide remediation recommendations as applicable regarding our information security program and information technology strategic plan.
The above cybersecurity risk management processes are integrated into the Company’s overall enterprise risk management program. Cybersecurity risks are understood to be significant business risks, and as such, are considered an important component of our enterprise-wide risk management approach.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We have implemented a multi-layered system designed to protect and monitor data and cybersecurity risk. We also engage third-party consultants to conduct regular assessments of our cybersecurity safeguards. Our internal Information Technology (“IT”) team conducts regular evaluations designed to assess, identify and manage material cybersecurity risks, and we endeavor to update cybersecurity infrastructure, procedures, policies, and education programs in response. We use firewalls and protection software, and we additionally rely on third-party service providers for alerts regarding suspicious activity.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Through the Company’s enterprise risk management program, the Board is responsible for overseeing cybersecurity, information security, and IT risks, as well as management’s actions to identify, assess, mitigate, and remediate those risks.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
Through the Company’s enterprise risk management program, the Board is responsible for overseeing cybersecurity, information security, and IT risks, as well as management’s actions to identify, assess, mitigate, and remediate those risks. The Audit Committee assists the Board in exercising oversight of the Company’s cybersecurity, information security, and IT risks. As appropriate, the Board or Audit Committee reviews and discusses with management the Company’s procedures and practices as well as any potential identified incidents with respect to cybersecurity, information security and information and operational technology, including related risks. In addition, our Executive Vice President, Operations is responsible for keeping the Board apprised of cybersecurity incidents and the Board is charged with determining the materiality of such incident.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] In addition, our Executive Vice President, Operations is responsible for keeping the Board apprised of cybersecurity incidents and the Board is charged with determining the materiality of such incident.
Cybersecurity Risk Role of Management [Text Block] Management is responsible for assessing, identifying, and managing risks from cybersecurity threats. The Company’s IT function focuses on current and emerging cybersecurity matters. The Company’s IT department is led by the Director of IT, who reports to the Company’s Executive Vice President, Operations, including with respect to emerging cybersecurity incidents. They are responsible for implementing cybersecurity policies, programs, procedures, and strategies. To facilitate effective oversight, the Director of IT holds discussions on cybersecurity risks, incident trends, and the effectiveness of cybersecurity measures as necessitated by emerging material cyber risks. The Director of IT has served at Sitio since 2022 and has over 19 years of experience in managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs at Sitio and similar companies.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Company’s IT department is led by the Director of IT, who reports to the Company’s Executive Vice President, Operations, including with respect to emerging cybersecurity incidents.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Director of IT has served at Sitio since 2022 and has over 19 years of experience in managing information security, developing cybersecurity strategy, and implementing effective information and cybersecurity programs at Sitio and similar companies.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] As appropriate, the Board or Audit Committee reviews and discusses with management the Company’s procedures and practices as well as any potential identified incidents with respect to cybersecurity, information security and information and operational technology, including related risks. In addition, our Executive Vice President, Operations is responsible for keeping the Board apprised of cybersecurity incidents and the Board is charged with determining the materiality of such incident.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true