Install the module and classify nodes
To deploy CEM, you must install the module and then classify the nodes on which you want to enforce Center for Internet Security (CIS) compliance.
Before you beginIn some cases, compliance controls can negatively impact services that run on nodes. To help avoid possible issues, you can install and evaluate CEM in a test environment before running CEM in a production environment.
- Download CEM from Puppet Forge. The module is available as a premium content subscription. For more information, see the Premium content page.
- Install the module by using Code Manager, a code management tool. For instructions, see the Premium content page.
Specify the nodes on which you want Puppet Enterprise (PE) to run and enforce compliance. To specify the nodes, open the PE console and assign the
cem_windowsclass to one or more node groups. For instructions about creating and classifying node groups, see Grouping and classifying nodes.