Benchmarks and standards supported by SCM and SCE

Puppet offers a range of software products to help ensure that your IT infrastructure complies with CIS Benchmarks and DISA STIG standards. You can use the Security Compliance Management tool (SCM, formerly Comply) to assess your infrastructure and identify non-compliance. You can use the Security Compliance Enforcement (SCE) modules to automatically restore compliance.

CIS Benchmarks

For an overview of the CIS Benchmarks supported by SCM and SCE, see the following table.

Operating system Version Supported by SCM Supported by SCE
AlmaLinux 8 checkmark checkmark
AlmaLinux 9 checkmark checkmark
Amazon Linux 2 checkmark  
Amazon Linux 2023 checkmark  
Azure Compute Microsoft Windows Server 2019 1 checkmark  
CentOS 7 checkmark  
Debian Linux 10 checkmark  
Debian Linux 11 checkmark  
Debian Linux 12 checkmark  
macOS 10  
macOS 11  
macOS 12  
macOS 13  
macOS 14  
Microsoft Windows 2012  
Microsoft Windows 2016
Microsoft Windows 2019
Microsoft Windows 2022
Microsoft Windows 10
Microsoft Windows 11  
Oracle Linux 7
Oracle Linux 8
Oracle Linux 9
Red Hat Enterprise Linux (RHEL) 7
RHEL 8
RHEL 9
Rocky Linux 8
Rocky Linux 9  
SUSE Linux Enterprise Server 12  
SUSE Linux Enterprise Server 15  
Ubuntu Linux 16  
Ubuntu Linux 18  
Ubuntu Linux 20
Ubuntu Linux 22
Ubuntu Linux 24  

STIG standards

For an overview of the STIG standards supported by SCM and SCE, see the following table.

Operating system Version Supported by SCM Supported by SCE
Amazon Linux 2 checkmark  
Debian Linux 11 checkmark  
Microsoft Windows 2016  
Microsoft Windows 2019  
RHEL 7
RHEL 8
Ubuntu Linux 20  

For detailed information about the CIS Benchmarks and STIG standards supported by SCM, see Supported CIS benchmarks.

For detailed information about the CIS Benchmarks and STIG standards supported by SCE for Linux, see System requirements.

For detailed information about the CIS Benchmarks supported by SCE for Windows, see System requirements.