Security Compliance Management overview

Welcome to Security Compliance Management (SCM)!

This overview is intended for new users of Security Compliance Management. We go over what Security Compliance Management is and how it works. Before you begin, we recommend familiarizing yourself with our Security Compliance Management terminology.

What is Security Compliance Management and how does it work?

Security Compliance Management is a tool that expands the compliance capabilities of Puppet Enterprise (PE) by integrating with the CIS assessor to scan your infrastructure against the latest CIS Benchmarks. Security Compliance Management connects to your Puppet Enterprise environment and gathers information about your PE-managed nodes, including operating system facts and classification node groups. It uses this information to suggest appropriate scans.

You can choose to run ad-hoc scans or desired compliance scans, a default CIS benchmark and profile scan that you assign to a node. Security Compliance Management can automate desired compliance for you based on the information it gathers about your nodes from PE, or you can manually choose your desired compliance from a list of benchmarks and profiles. You can also create custom profiles to fit internally defined standards by specifying which rules you want visible in scan reports. Most of the time, you only need to set your desired compliance once.

The scans are run as a task in Puppet Enterprise. Scan results populate the Security Compliance Management Compliance dashboard, where you can see the number of nodes scanned and their compliance breakdown. For each node listed, there is a further breakdown of rule information that tells you why that rule is important and what steps you can take to remediate the rule if it fails the scan.

To see Security Compliance Management in action, watch the demo below, or go through the steps yourself in our beginner's guide.

For a full list of features, see the release notes.