Introducing Security Compliance Enforcement

Starting with v2.0.0, the Puppet® Compliance Enforcement Modules (CEM) are renamed to Security Compliance Enforcement (SCE). If you have Puppet Enterprise (PE)® or open source Puppet installed, you can deploy SCE to enforce the secure configuration of IT infrastructures and thus protect operations and data. You can enforce the Center for Internet Security (CIS) compliance rules, which embody internationally recognized standards. You can also enforce the Security Technical Implementation Guides (STIGs) developed by the US Defense Information Systems Agency (DISA). DISA STIG standards are implemented by many US government agencies.

After you install and configure SCE, PE or open source Puppet runs on any classified nodes without user intervention to enforce compliance. By default, SCE enforces CIS rules for the Level 1 profile. However, you can enforce a variety of security standards and levels, depending on the operating system of the nodes where your servers and workstations are installed. For a list of supported standards for Linux nodes, see Prepare to install the module. For a list of supported standards for Microsoft Windows nodes, see Prepare to install the module.

Instructions are provided for installing SCE and customizing the configuration settings, if necessary, to meet your organization’s requirements.

Separate instructions are provided for Linux and Windows operating systems:

Tip: To access previously published documentation, see Introducing the Compliance Enforcement Modules.