Security Compliance Management terminology
Learn the key terms that are associated with Security Compliance Management (SCM).
CIS Benchmarks
Developed by the Center for Internet Security (CIS), CIS Benchmarks are internationally recognized standards and best practices for securely configuring systems. For more information, see CIS Benchmarks.
CIS assessor
Security Compliance Management integrates with the CIS assessor (CIS-CAT Pro), the scanner tool that assesses systems against CIS Benchmarks. As part of the Security Compliance Management configuration process, Puppet Enterprise (PE) installs the CIS assessor on your target nodes. For more information on the assessor, see CIS-CAT Pro.
Profiles
CIS Benchmarks include different levels of security settings, called profiles. The Level 1 profiles are the base recommendation for every system, and the Level 2 profiles are intended for environments requiring greater security. Security Compliance Management can scan for either profile.
Rules
Each profile contains multiple rules that define specific elements of system configuration.
Custom profiles
A custom profile is a benchmark profile that you customize to fit your organization's internally defined standards by specifying which rules you want visible in scan reports. After you create a custom profile, it appears as an option in Security Compliance Management when you select a benchmark and profile.
Desired compliance
Desired compliance is the benchmark and profile that you assign to a node. It becomes the default scan for that node.
For a full list of Puppet® terminology, see the Puppet Glossary.