Enforce CIS and STIG best practices
Security Compliance Management provides visibility into your compliance status, but it cannot automatically fix compliance issues. To fix issues and enforce server configurations that comply with the security best practices outlined in CIS benchmarks and DISA STIGs, you can use Security Compliance Enforcement (SCE). SCE, previously known as CEM, is a premium package from Puppet by Perforce.
If you have Puppet Enterprise or open source Puppet installed, you can implement CIS and STIG best
practices by deploying one or more SCE modules and
running Puppet. SCE
consists of two premium Puppet modules: sce_linux
and sce_windows
(previously cem_linux
and cem_windows
). Both modules are fully supported by Puppet. You can deploy the modules to automatically
enforce CIS or STIG controls, also known as rules, across your infrastructure.
Getting access to SCE
- To implement the full range of Puppet capabilities for infrastructure maintenance, monitoring, and compliance enforcement, purchase the product suite: Puppet Enterprise Advanced. Puppet Enterprise Advanced includes Puppet Enterprise (PE), Security Compliance Management, SCE, Continuous Delivery, and Impact Analysis.
- To obtain SCE separately, purchase a premium subscription. After activating your subscription, you can log in to your Puppet Forge account and generate an API token on your profile page. Then, you can download and install the modules. For more information, see Puppet Forge Premium Content.
- If you have an active subscription to the Compliance Enforcement Modules (CEM), you are automatically granted access to the SCE modules.
To purchase Puppet Enterprise (PE) Advanced or an SCE subscription, complete the form on the Puppet website to receive a call from a Puppet by Perforce sales representative.
For detailed information about SCE, see Welcome to Security Compliance Enforcement.