homeproductspuppet comply

Puppet Comply

Automate and enforce policy as code.

Achieving continuous compliance is easier than you think.

Request a demo Read the solution brief

Puppet Comply screenshot and user

What is Puppet Comply?

Puppet Comply enables continuous compliance monitoring across hybrid infrastructure with less overhead and manual work. 

  • Get a holistic view of your organization’s compliance status throughout cloud and on-prem environments
  • Conduct regular scans to identify and remediate failures on a consistent basis
  • Enforce desired state policy as code with expert-built content and modules configured to your environment
Puppet Comply screenshot and user
By 2023, 60% of organizations in regulated verticals will have integrated compliance as code into their DevOps toolchains, improving their lead time by at least 20%.
Innovation Insight for Continuous Compliance Automation, Gartner
CEM final.mp

Compliance Enforcement Modules

Compliance Enforcement Modules (CEM) from Puppet take the manual work out of continuous compliance management. These Puppet-created and supported modules are designed to accelerate time-to-value by providing you with self-enforcing policy as code.

Compliance Enforcement Modules enable you to:

  • Scan your infrastructure and assess your compliance status with CIS benchmarks
  • Identify and remediate the cause and source of compliance issues and determine which configuration changes must be made to your systems
  • Maintain compliance audit readiness and stay fully up to date with the latest benchmark versions
  • Automate exception handling by creating custom profiles that allow you to enable or disable specific rules in a benchmark
CIS Benchmarks RGB TM
CIS Benchmarks RGB TM

Define a secure baseline with CIS Benchmarks™

Puppet Comply assesses your infrastructure against CIS Benchmarks, a set of guidelines for secure system configuration from the Center for Internet Security (CIS).

Developed by a community of cybersecurity experts, CIS Benchmarks are widely adopted by organizations worldwide and serve as a baseline for many common regulatory requirements, including PCI, NIST and FISMA, HIPAA, GDPR, and ISO/IEC 27001.

Screenshot of compliance dashboard results in Puppet Comply

Get a holistic view of compliance status

  • Know exactly which settings and configurations need to be applied to each system by mapping controls to your infrastructure — using classification data such as operating system, version, role, and environment.
  • Don’t waste time chasing false positives. Quickly identify the cause and source of compliance issues with node-level scan results, and drill into benchmark details for guidance on how to remediate failures.
  • Eliminate manual exception handling. Define custom profiles to disable the rules you don’t want to enforce and scan only for the ones that apply.
Screenshot of compliance dashboard results in Puppet Comply
Comply Detailed Activity Feed
Comply Detailed Activity Feed

Verify remediation with on-demand scans

  • Enable IT operations teams to run their own scans to immediately verify that failures have been remediated and that systems have been brought under compliance.
  • Close the gap between remediation and the next scan, when systems may be out of compliance without your knowledge.
  • Eliminate bottlenecks caused by cross-functional dependencies, such as coordination of scanning windows.
web icon automation
Remediate compliance failures at scale

Remediate failures and establish a baseline for compliance standards using modules created by Puppet experts and configured to your environment.

web icon Learn
Automate policy enforcement with compliance as code

Define compliance policy as code to incorporate compliant configurations into your baseline, automatically apply the appropriate settings to every system in your infrastructure, and enforce a compliant state with automatic drift detection and correction.

web icon compliance
Reduce the burden of audit preparation

Audits don’t have to be an expensive fire drill. Prove infrastructure-wide compliance with reports that are easy to generate and understand.

We can generate a report for the exact data [auditors] are looking for. If someone were to request a list of Windows servers in dev running an outdated agent, we can easily drill down into specifics using the intuitive Puppet console. We keep track of compliance and security on a very continuous basis.
Mohinder Singh, Senior Cloud Engineer, Guardian Life