Introducing the Compliance Enforcement Modules

The Puppet Compliance Enforcement Modules (CEM) were developed to bring your Puppet Enterprise (PE)-managed nodes into compliance. CEM enforces Center for Internet Security (CIS) compliance rules. CIS Benchmarks are internationally recognized standards for securely configuring systems.

After you install and configure CEM, PE runs on any classified nodes without user intervention to scan for compliance. By default, CEM enforces CIS rules for the Level 1 profile.

Starting with CEM for Linux 1.4.0, CEM also enforces the Security Technical Implementation Guides (STIG) developed by the US Defense Information Systems Agency (DISA). The DISA STIG standard, widely used by US government agencies, can now be enforced by CEM on the Red Hat Enterprise Linux 7 and 8 operating systems.

The following sections provide instructions for installing CEM and customizing the configuration settings, if necessary, to meet your organization’s requirements.

Separate modules are provided for Linux nodes and for Microsoft Windows nodes:

To manage Linux nodes, see CEM for Linux.
To manage Windows nodes, see CEM for Windows.