CEM for Windows
You can deploy CEM for Windows to help ensure that your servers and workstations on Microsoft Windows operating systems comply with CIS Benchmarks.
By default, CEM enforces the Level 1 server profile on Windows Server 2016 and Windows Server 2019. CEM enforces the Level 1 corporate enterprise profile on Windows 10 Enterprise. For more information about CIS Benchmarks, see Center for Internet Security (CIS) rules.
To take advantage of new features, fixes, and improvements, install the latest version of CEM. You can learn about the latest release by reviewing the Release notes. Then, to install CEM, follow the instructions in Installing CEM. By default, CEM runs automatically on any classified nodes and does not require configuration. However, if you want to configure CEM to meet your organization's requirements, follow the instructions in Configuring CEM.
-
Release notes
Review the release notes to learn about updates and resolved issues in the Compliance Enforcement Module (CEM) for Windows. -
Installing CEM
Before you install CEM, complete the preparation steps: review the system requirements, install and configure Puppet Enterprise (PE), and purchase CEM. Then, install CEM and classify the nodes on which you want to enforce compliance. -
Upgrading CEM
You can upgrade CEM for Windows to take advantage of the latest features, fixes, and improvements. -
Configuring CEM
Configuration of CEM is optional. If you installed CEM and assigned thecem_windows
class to one or more node groups in the Puppet Enterprise (PE) console, PE will run automatically and enforce the default compliance profile on the classified nodes. However, if the default values leave your infrastructure in an undesirable state, or if you want to customize compliance to meet your organization's requirements, you can configure CEM. -
Reference: Benchmarks and controls
For help with configuring CEM, review the Reference topics on Puppet Forge.