Automate IT and infrastructure, manage complex workflows, and mitigate risk at scale.
Try the full-featured Puppet Enterprise for free on 10 nodes.
Find and prevent compliance failures
Continuous Delivery for Puppet Enterprise
Build, test, and deploy infrastructure as code faster and easier
Compliance Enforcement Modules
Remediate to stay in compliance
Content & Modules
Pre-built scripts to automate common tasks
Get Puppet Enterprise
First 10 nodes are free!
Try it now
Request a demo
Find thousands of component modules built by the community and guidance on using them in your own infrastructure.
Visit Puppet Forge >>
Open Source PuppetPerfect for individuals and small infrastructure
BoltAutomate tasks in orchestration workflows
See all open source projects >>
Contribute to open source projects >>
Discover everything you need to know about DoD compliance and DoD configuration management, plus how to do it with Puppet.
Table of Contents:
DoD compliance is the ability to meet all of the compliance requirements set by the US Department of Defense (DoD), including DISA STIGs.
DoD configuration management is the process and tools put in place for configuration management in accordance with the Department of Defense (DoD).
Puppet Enterprise now offers Compliance Enforcement Modules aligned to DISA STIGs Benchmarks. The Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) were built to safeguard our most critical security systems and data against a dynamic threat environment, yet monitoring and enforcing widely deployed infrastructure at the U.S. Department of Defense (DoD) scale is a formidable task. With hundreds of STIGs requirements that change regularly, it is also an ongoing challenge.
Puppet by Perforce understands these issues, as more than 50% of U.S. federal cabinet departments and 70% of contractors use Puppet technologies, with many of the largest branches of government leveraging Open Source Puppet or Puppet Enterprise. Continuing that commitment to the DoD, Puppet has launched an update to its Compliance Enforcement Modules (CEM) that align to DISA STIGs.
Each new system brought into a network consumes valuable resources. It can be extremely time-consuming to determine which benchmarks apply to which systems, depending on the operating system (OS), role, version, or environment. This process involves various IT teams, including security and/or compliance teams who must validate the reference system and create complex reports which then must be interpreted by the operations team to determine the root cause of the issue.
Compliance Enforcement Modules provide self-enforcing policy as code that reduces the staff hours and network resources needed to add and enforce the STIGs compliance of each new system.
Puppet Comply and Compliance Enforcement Modules give operations teams the tools they need to:
Puppet Enterprise, Puppet Comply, and CEM deliver the tools DoD agencies need to free their staff to focus on more high-value projects, streamlining deployment of the systems that move them closer to mission success.
IT teams can often feel like they are chasing compliance, introducing more risk as they attempt to write remedial code. They depend on the security and the compliance team to run scans before they can approach remediation. This can lead to expensive delays. At the same time, DoD infrastructure and regulations are incredibly complex. Maintaining every server at 100 percent compliance would break other applications and services, leading to exceptions for specific system controls. Tracking all of those workarounds manually and reconciling them against each scan report is time-consuming and delays the development process.
Puppet Comply and Compliance Enforcement Modules create a trusted posture that allows IT operations teams to update once and deploy everywhere to:
Our goal is to make it as easy as possible for DoD agencies that need to ensure a continuously secure state in compliance with mandates like DISA STIGs.
Puppet by Perforce has proven expertise in secure, mission-critical programs such as DCSG-A and deploying across large-scale environments. The Puppet team also manages these modules and updates them as STIGs are updated and changed, allowing users to focus solely on their infrastructure compliance. For DoD teams in the Red Hat Enterprise Linux 7 environment, CEM with DISA STIGs support is available now, with support for additional operating systems expected in 2023.
Learn more about Puppet for government >>
Not using Puppet Enterprise yet? Get started with your free trial today.
TRY PUPPET ENTERPRISE
Product Marketing Manager, Puppet by Perforce
Charles Sanders is a Product Marketing Manager at Puppet by Perforce.