Comply terminology

Learn the key terms that are associated with Puppet Comply.

CIS Benchmarks

Developed by the Center for Internet Security (CIS), CIS Benchmarks are internationally recognized standards and best practices for securely configuring systems. For more information, see CIS Benchmarks.

CIS assessor

Comply integrates with the CIS assessor (CIS-CAT PRO), the scanner tool that assesses CIS benchmarks. As part of the Comply configuration process, Puppet Enterprise (PE) installs the CIS assessor on your target nodes. For more information on the assessor, see CIS-CAT Pro.


CIS Benchmarks include different levels of security settings, called profiles. The Level 1 profiles are the base recommendation for every system, and the Level 2 profiles are intended for environments requiring greater security. Comply can scan for either profile.


Each profile contains multiple rules that define specific elements of system configuration.

Custom profiles

A custom profile is a benchmark profile that you customize to fit your organization's internally defined standards, by specifying which rules you want visible in scan reports. Once you create a custom profile, it appears as an option in Comply when selecting a benchmark and profile.

Desired compliance

Desired compliance is the benchmark and profile that you assign to a node. It becomes the default scan for that node.

For a full list of Puppet® terminology, see the Puppet Glossary.