• Puppet.com
  • Forge
  • Education
  • Try Puppet
  • Products
  • Puppet Enterprise
  • Open Source Puppet
  • Bolt
  • Security Compliance Management
  • Continuous Delivery
  • Puppet Development Kit
  • Puppet DB
  • Puppet Plugin for VMware
  • Get
  • Technical Support Plans
  • Support Lifecycle Policy
  • New Puppet Enterprise Customer?
  • About Puppet
  • Company
  • Developer Experience
  • Community
  • Puppet Champions
  • Puppet Test Pilots
  • Community Calendar
  • Slack Channel

    PRODUCT AND VERSION

        • Welcome to Puppet Comply®
          • Comply terminology
          • Comply overview
          • Supported CIS Benchmarks
            • CIS-CAT Pro Assessor history
        • Release notes
          • Comply release notes
          • Comply known issues
        • Beginner’s guide to Comply
        • Puppet Application Manager
          • Welcome to Puppet Application Manager (PAM)
          • Release notes
            • PAM release notes
            • Known issues
          • Architecture overview
          • PAM system requirements
          • Component versions in PAM releases
          • Install PAM
            • Install Puppet applications using PAM on a customer-supported Kubernetes cluster
            • PAM HA online installation
            • PAM HA offline installation
            • PAM standalone online installation
            • PAM standalone offline installation
            • Automate PAM and Puppet application online installations
            • Automate PAM and Puppet application offline installations
            • Uninstall PAM
          • Working with Puppet applications
            • Install applications via the PAM UI
            • Update a license for online installations
            • Update a license for offline installations
            • Upgrade an automated online application installation
            • Upgrade an automated offline application installation
          • Maintenance and tuning
          • Upgrading PAM on a Puppet-supported cluster
          • Upgrading PAM on a customer-supported cluster
          • Backing up PAM using snapshots
          • Migrating PAM data to a new system
          • Disaster recovery with PAM
          • Troubleshooting PAM
        • Installing
          • System requirements
          • Downloading the CIS-CAT Pro Assessor bundle
          • Set up Comply
            • Configure Comply (online environment)
            • Configure Comply in an offline environment
            • Configure Comply TLS certificates
            • Configure Comply for a custom NGINX ingress (online environment)
            • Configure Comply for a custom NGINX ingress (offline environment)
            • Configure Comply TLS certificates for a custom NGINX ingress
            • Install the Comply module
            • Classify nodes
            • Deploy Comply
            • Add PE credentials
          • Uninstall Comply and remove PAM
          • Uninstall Comply without removing PAM
          • Remove the CIS-CAT Pro Assessor from a node
        • Upgrading
        • Using the Comply API
          • Manage personal access tokens
            • Create and manage personal access tokens as a user
            • Manage personal access tokens as an admin
          • Authenticate public APIs
          • REST API
            • REST API tutorial
            • Extract Compliance results using the Comply API
            • Export Comply data using the Comply API
            • Synchronize inventory with Puppet Enterprise using the Comply API
        • Managing access for Comply users
        • Guidelines for running Comply at scale
        • Desired compliance
        • Custom profiles
        • Exceptions
        • CIS scans
          • Run an ad hoc scan
          • Scan schedules
            • View details about a scan schedule
            • Pause and resume a scan schedule
            • Edit a scan schedule
            • Delete a scan schedule
            • Create a one-off scan schedule
            • Create a repeating scan schedule
          • CIS scan reports
            • CIS scan report details
        • Scan results
        • Enforce CIS benchmarks
        • Troubleshooting
        • Introducing the Compliance Enforcement Modules
        • CEM for Linux
          • Release notes
            • Known issues and limitations
          • Getting started
            • Basic concepts
            • Next steps
          • Installing CEM
            • Prepare to install the module
            • Install and evaluate the module in a test environment
            • Install the module in the production environment
            • Uninstall the module
          • Upgrading CEM
            • Prepare to upgrade the module
            • Upgrade the module
          • Configuring CEM
            • Overview of configuration options
            • How to configure the module: Examples and guidelines
              • Basic configuration example
              • Advanced configuration example
              • Automatically regenerate and enforce bootloader configurations
                • Regenerate bootloader configs automatically
                • Set a bootloader password
              • Configure DISA STIG
              • Configure authentication rules with PAM
              • Configure system authentication with the authselect utility
              • Apply CIS Benchmarks to a new Puppet Enterprise installation
              • Configure custom logrotate rules
              • Configure sudo without a password
              • Configure user SSH keys
              • Configure SSH permissions for users and groups
              • Configure the firewall type
              • Configure rules that rely on site-specific information
          • Auditing and querying issues identified during scans
          • Reference: Benchmarks and controls
            • Control updates introduced for Red Hat Enterprise Linux 8 STIG, Version 1, Release 11
            • Control updates introduced for Red Hat Enterprise Linux 7 STIG, Version 3, Release 12
        • CEM for Windows
          • Release notes
            • Known issues and limitations
          • Getting started
            • Basic concepts
            • Next steps
          • Installing CEM
            • Prepare to install the module
            • Install and evaluate the module in a test environment
            • Install the module in the production environment
            • Uninstall the module
          • Upgrading CEM
            • Prepare to upgrade the module
            • Upgrade the module
          • Configuring CEM
            • Overview of configuration options
            • How to configure the module: Examples and guidelines
              • Basic configuration examples
              • Advanced configuration example
              • Run Desired State Configuration resources as a specific user
              • Allow local accounts to access nodes
              • Enforce specific rules
              • Ignore specific rules
              • Customize rules
              • Rename the Administrator and Guest accounts
          • Reference: Benchmarks and controls
            • Control updates introduced for CIS Microsoft Windows 10 Enterprise Benchmark v2.0.0
            • Control updates introduced for CIS Microsoft Windows Server 2019 Benchmark v2.0.0
            • Control updates introduced for CIS Microsoft Windows Server 2016 Benchmark v2.0.0
            • Control updates introduced for CIS Microsoft Windows Server 2016 Benchmark v1.4.0
        • Copyright and trademark notices

        Docs Grey arrow pointing right undefined Grey arrow pointing right CEM for Linux Grey arrow pointing right Getting started Grey arrow pointing right Next steps Grey arrow pointing right

        Next steps

        After you are familiar with the basic concepts, you can take the next steps.

        1. To prepare for the installation and install CEM, follow the instructions in Installing CEM.
        2. To configure CEM, follow the instructions in Configuring CEM.
        Was this page helpful?

        Thank you for your feedback! Please enter your feedback

        We’re sorry to hear that!
        Please tell us why so we can help.         Enter your feedback and email. This form is sent to the Puppet docs team. We ask for your email as we might contact you regarding your feedback. If you need help with the product itself, visit Puppet Support or ask in Puppet Community on Slack. To learn about how Puppet uses your personal information, visit our privacy policy.
        Please enter your feedback and contact email

        If you leave us your email, we may contact you regarding your feedback. For more information on how Puppet uses your personal information, see our privacy policy.

        See an issue? Please file a JIRA ticket in our [DOCUMENTATION] project.

        Puppet by Perforce gives IT operations teams back their time and offers peace of mind with infrastructure automation that enables security and compliance.

        • Legal
        • Privacy Policy
        • Terms of Use
        • Security
        • © 2025 Puppet, Inc., a Perforce company. All rights reserved.

        Puppet and other identified trademarks are the property of Puppet, Inc., Perforce Software, Inc., or an affiliate. Such trademarks are claimed and/or registered in the U.S. and other countries and regions. All third-party trademarks are the property of their respective holders. References to third-party trademarks do not imply endorsement or sponsorship of any products or services by the trademark holder. Contact Puppet, Inc., for further details.