Customer
U.S. Government Agency Automates Their Way to 98% STIG Compliance with Puppet
For this U.S. government agency working in the energy sector, noncompliance is non-negotiable. At the risk of huge fines and penalties, the agency must meet DISA STIG requirements across all their servers – or else pay a huge fine. Here’s where Puppet steps in to ensure that servers are correctly configured and stay that way.
Benefits of Using Puppet:
- Streamlined Compliance Removed the manual work of aligning security baselines to meet strict DISA STIG compliance requirements.
- Future-Proof Compliance Established a pattern for applying STIG requirements in the future, saving time no matter how many times the regulations change.
- Configuration Management Applied consistent configuration across servers, as well as added visibility for ongoing changes and management.
Challenge: Hundreds of Compliance Requirements Per OS
The U.S. Defense Information Systems Agency (DISA) provides a long checklist of security technical implementation guide (STIG) compliance requirements that vary by operating system. Just for Linux alone, there are over 500 items to achieve STIG compliance and avoid a penalty fine.
Manual intervention and time-consuming compliance tasks kept Kathy Lee’s team busy with ad hoc updates. To make it even more confusing, it was hard to keep track of who was managing the servers and making changes, or even when those changes took place.
When this agency looked for a solution, they turned to Puppet to help meet these strict IT security standards and help them achieve compliance.
Results: From 30% to 98% Compliance
“When you use Puppet to fix a STIG, you save a lot of time, and you save a lot of money ... That’s a stunning difference.”
Kathy Lee, Software Developer, U.S. Government Agency
With Puppet, there are no more manual interventions that slowly happen host by host. Once a module has been written to address a STIG, it can be used as a jumping off point for future compliance requirements. This is how Kathy Lee and her team went from 30% to 98% compliance using Puppet, saving time and money.
Puppet also helped this agency stay on top of server management, with visibility into server changes and ownership. This enhances security and saves the team time troubleshooting any problems.
See for yourself what Puppet can do to keep your organization compliant and secure. Try it today or request a demo with the Puppet team.