BlogContact SalesTry Puppet 
Search Puppet.com

Puppet is the industry standard for IT automation.

Modernize, manage and bring your hybrid infrastructure into compliance through Puppet's powerful continuous automation.

Guidebook
Use Cases
Puppet Enterprise LogoGet Puppet Enterprise

First 10 nodes are free!

Products
Pricing & Packaging
Integrations
Puppet Education Logo
Puppet Education

Puppet Education is your learning portal for tools and best practices to address common business challenges.

Professional services
Support
Custom consulting services

Get up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.

Puppet Forge

Find thousands of component modules built by the community and guidance on using them in your own infrastructure.

EcosystemOpen Source Projects
Community
Contribute
State of DevOps Report

Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.

Product Documentation
Resource library
Customers
Partners
Featured Partners
Servicenow Logo
Splunk Logo
Puppet Events
About Us

Puppet automates your infrastructure so you can innovate. We find, fix, and predict in order to prevent surprises and maintain your desired state.

Puppet by PerforceWorking at Puppet by Perforce
Press & news
Events
It's our community that makes Puppet great. Connect with Puppet users and employees.
homeproductspuppet comply

Puppet Comply

Automate and enforce policy as code.

Achieving continuous compliance is easier than you think.

Request a demo Read the solution brief

Puppet Comply screenshot and user

What is Puppet Comply?

Puppet Comply enables continuous compliance monitoring across hybrid infrastructure with less overhead and manual work. 

  • Get a holistic view of your organization’s compliance status throughout cloud and on-prem environments
  • Conduct regular scans to identify and remediate failures on a consistent basis
  • Enforce desired state policy as code with expert-built content and modules configured to your environment
Puppet Comply screenshot and user
By 2023, 60% of organizations in regulated verticals will have integrated compliance as code into their DevOps toolchains, improving their lead time by at least 20%.
Innovation Insight for Continuous Compliance Automation, Gartner
ebook
How a Policy as Code Approach to Compliance Benefits Your Organizationebook
CEM final.mp

Compliance Enforcement Modules

Compliance Enforcement Modules (CEM) from Puppet take the manual work out of continuous compliance management. These Puppet-created and supported modules are designed to accelerate time-to-value by providing you with self-enforcing policy as code.

Compliance Enforcement Modules enable you to:

  • Scan your infrastructure and assess your compliance status with CIS benchmarks
  • Identify and remediate the cause and source of compliance issues and determine which configuration changes must be made to your systems
  • Maintain compliance audit readiness and stay fully up to date with the latest benchmark versions
  • Automate exception handling by creating custom profiles that allow you to enable or disable specific rules in a benchmark
CIS Benchmarks RGB TM
CIS Benchmarks RGB TM

Define a secure baseline with CIS Benchmarks™

Puppet Comply assesses your infrastructure against CIS Benchmarks, a set of guidelines for secure system configuration from the Center for Internet Security (CIS).

Developed by a community of cybersecurity experts, CIS Benchmarks are widely adopted by organizations worldwide and serve as a baseline for many common regulatory requirements, including PCI, NIST and FISMA, HIPAA, GDPR, and ISO/IEC 27001.

Screenshot of compliance dashboard results in Puppet Comply

Get a holistic view of compliance status

  • Know exactly which settings and configurations need to be applied to each system by mapping controls to your infrastructure — using classification data such as operating system, version, role, and environment.
  • Don’t waste time chasing false positives. Quickly identify the cause and source of compliance issues with node-level scan results, and drill into benchmark details for guidance on how to remediate failures.
  • Eliminate manual exception handling. Define custom profiles to disable the rules you don’t want to enforce and scan only for the ones that apply.
Screenshot of compliance dashboard results in Puppet Comply
Comply Detailed Activity Feed
Comply Detailed Activity Feed

Verify remediation with on-demand scans

  • Enable IT operations teams to run their own scans to immediately verify that failures have been remediated and that systems have been brought under compliance.
  • Close the gap between remediation and the next scan, when systems may be out of compliance without your knowledge.
  • Eliminate bottlenecks caused by cross-functional dependencies, such as coordination of scanning windows.
web icon automation
Remediate compliance failures at scale

Remediate failures and establish a baseline for compliance standards using modules created by Puppet experts and configured to your environment.

web icon Learn
Automate policy enforcement with compliance as code

Define compliance policy as code to incorporate compliant configurations into your baseline, automatically apply the appropriate settings to every system in your infrastructure, and enforce a compliant state with automatic drift detection and correction.

web icon compliance
Reduce the burden of audit preparation

Audits don’t have to be an expensive fire drill. Prove infrastructure-wide compliance with reports that are easy to generate and understand.

We can generate a report for the exact data [auditors] are looking for. If someone were to request a list of Windows servers in dev running an outdated agent, we can easily drill down into specifics using the intuitive Puppet console. We keep track of compliance and security on a very continuous basis.
Mohinder Singh, Senior Cloud Engineer, Guardian Life
customer-story
Guardian Liferead the customer story
Puppet by Perforce gives IT operations teams back their time and offers peace of mind with infrastructure automation that enables security and compliance.
LegalPrivacy PolicyTerms of UseSecurity
© 2022 Puppet, Inc., a Perforce company