Introducing the Compliance Enforcement Modules
The Puppet Compliance Enforcement Modules (CEM) were developed to bring your Puppet Enterprise (PE)-managed nodes into compliance. CEM enforces Center for Internet Security (CIS) compliance rules. CIS Benchmarks are internationally recognized standards for securely configuring systems.
After you install and configure CEM, PE runs on any classified nodes without user intervention to scan for compliance. By default, CEM enforces CIS rules for the Level 1 profile.
Starting with CEM for Linux 1.4.0, CEM also enforces the Security Technical Implementation Guides (STIG) developed by the US Defense Information Systems Agency (DISA). The DISA STIG standard, widely used by US government agencies, can now be enforced by CEM on the Red Hat Enterprise Linux 7 and 8 operating systems.
The following sections provide instructions for installing CEM and customizing the configuration settings, if necessary, to meet your organization’s requirements.