Configuration of CEM is optional. If you
installed CEM and assigned the
class to one or more node groups, the Center for Internet Security (CIS) Server Level 1
profile is enforced automatically during the next Puppet
run. However, if the default values leave your infrastructure in an undesirable state, or if
you want to customize compliance to meet your organization's requirements, you can configure
For example, if a CIS control sets the maximum password age at 365 days, but your organization requires a password change every 90 days, you can configure CEM accordingly.
You must also configure CEM if you plan to enforce DISA STIG standards rather than a CIS Benchmark. Follow the instructions in Configure DISA STIG.
For configuration examples, see How to configure the module: Examples and guidelines.