Configuration of CEM is optional. If you
installed CEM and assigned the
class to one or more node groups in the Puppet Enterprise (PE)
console, PE will run automatically and enforce the
Center for Internet Security (CIS) Server Level 1 profile. However, if the default values
leave your infrastructure in an undesirable state, or if you want to customize compliance to
meet your organization's requirements, you can configure CEM.
For example, if a CIS control sets the maximum password age at 365 days, but your organization requires a password change every 90 days, you can configure CEM accordingly.
For configuration examples, see How to configure the module: Examples and guidelines.