Install the module and classify nodes

To deploy CEM, you must install the module and then classify the nodes on which you want to enforce Center for Internet Security (CIS) compliance.

Before you begin
In some cases, compliance controls can negatively impact services that run on nodes. To help avoid possible issues, you can install and evaluate CEM in a test environment before running CEM in a production environment.
  1. Download CEM from Puppet Forge. The module is available as a premium content subscription. For more information, see the Premium content page.
  2. If the host server is connected to the internet, install the module by following the instructions in Installing modules from the Forge by using an internet connection.
  3. If the host server is not connected to the internet, install the module by following the instructions in Installing modules from the Forge in an air-gapped environment.
  4. Specify the nodes on which you want Puppet Enterprise (PE) to run and enforce compliance. To specify the nodes, open the PE console and assign the cem_windows class to one or more node groups. For instructions about creating and classifying node groups, see Grouping and classifying nodes.