Try Puppet 
Search Puppet.com
Why Puppet

Puppet is the industry standard for IT automation.

Manage and automate more infrastructure and complex workflows in a simple, yet powerful way.

Customers
Open source
Cloud & Hybrid Automation

Accelerate your cloud journey with an enterprise automation platform for your hybrid estate.

Continuous Compliance

Enforce compliance across hybrid infrastructure with policy as code and model-driven automation.

Scaling DevOps

Modernize faster with Puppet DevOps consulting and infrastructure as code.

Use Cases
Integrations
ProductsEcosystem
Pricing & PackagingGet Puppet Enterprise

First 10 Nodes are free!

Custom consulting services

Get you up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.

Professional services
TrainingOpen source
Support
Puppet Compass Logo
Puppet Compass

Puppet Compass is your source for learning best practices to address common business challenges.

Get started
Resource library
State of DevOps Report

Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.

Puppet Events
Join us for a Puppet event

It's our community that makes Puppet great. Connect with Puppet users and employees.

Virtual events
Puppet CommunityContribute content
Connect
Puppet Events
About Us

Puppet frees you to do what robots can’t. We make automation software because you’ve got better things to do.

Company
Press & news
Our voiceWorking at Puppet
product web COMPLY

Puppet Comply

Automate and enforce policy as code.
Achieve continuous compliance without sacrificing agility.
Request a demo Read the solution brief 

What is Puppet Comply?

Puppet Comply enables continuous compliance across hybrid infrastructure with less overhead and manual work. Get a holistic view of compliance status throughout cloud and on-prem environments, generate reports to easily prove that systems remain in check, and enforce immutable policy as code with expert-built content and modules configured to your environment.

By 2023, 60% of organizations in regulated verticals will have integrated compliance as code into their DevOps toolchains, improving their lead time by at least 20%.
Innovation Insight for Continuous Compliance Automation, Gartner, August 2020
CIS Benchmarks RGB TM
CIS Benchmarks RGB TM

Define a secure baseline with CIS Benchmarks™

Puppet Comply assesses your infrastructure against CIS Benchmarks, a set of guidelines for secure system configuration from the Center for Internet Security (CIS).
Developed by a community of cybersecurity experts, CIS Benchmarks are widely adopted by organizations worldwide and serve as a baseline for many common regulatory requirements, including PCI, NIST and FISMA, HIPAA, GDPR, ISO/IEC 27001.
Dashboard Scan Results

Get a holistic view of compliance status

Puppet Comply scans your hybrid infrastructure to assess compliance with CIS Benchmarks, providing a clear view of compliance status for each node in your estate.

  • Puppet Comply maps controls to your infrastructure — using classification data such as operating system, version, role, and environment — so you know exactly which settings and configurations need to be applied to each system.
  • Don’t waste time chasing false positives. Quickly identify the cause and source of compliance failures with node-level scan results, and drill into benchmark details for guidance on how to remediate failures.
  • Eliminate manual exception handling. Define custom profiles to disable the rules you don’t want to enforce and scan only for the ones that apply.
Dashboard Scan Results
Comply Detailed Activity Feed
Comply Detailed Activity Feed

Verify remediation with on-demand scans

Enable IT Operations teams to take a proactive approach to compliance. With Puppet Comply, Ops teams can run their own scans to immediately verify that failures have been remediated and that systems have been brought under compliance.

  • Close the gap between remediation and the next scan, when systems may be out of compliance without your knowledge.
  • Eliminate bottlenecks caused by cross-functional dependencies, such as coordination of scanning windows.

Remediate compliance failures at scale

Remediate failures and establish a baseline for compliance using modules created by Puppet experts and configured to your environment.

web icon automation
Automate Configurations

Define compliant configurations once and automatically apply them to hundreds or thousands of nodes, whether they live in the cloud or on premises.

web icon Learn
Expert Knowledge

Bridge skill and resource gaps by leveraging Puppet expertise.

web icon compliance
Maintain Benchmarks

Enable your team to maintain compliance with a documented framework for making changes and addressing benchmark updates.

Automate policy enforcement with compliance as code

WWM
WWM

Define compliance policies as code to incorporate compliant configurations into your baseline, automatically apply the appropriate settings to every system in your infrastructure, and enforce a compliant state with automatic drift detection and correction.

  • Puppet Enterprise continuously checks your infrastructure against the baseline configurations you’ve defined and makes a corrective change if a system drifts from its compliant state.
  • Apply policies to node groups classified by operating system, role, or environment, so new systems automatically inherit environment-specific configurations.
We can generate a report for the exact data [auditors] are looking for. If someone were to request a list of Windows servers in dev running an outdated agent, we can easily drill down into specifics using the intuitive Puppet console. We keep track of compliance and security on a very continuous basis.
Mohinder Singh, Senior Cloud Engineer, Guardian Life
customer-story
case studyGuardian Life
puppet docs comply
puppet docs comply

Reduce the burden of audit preparation

Audits don’t have to be an expensive fire drill. Prove infrastructure-wide compliance with reports that are easy to generate and understand.

  • Generate automatically updated reports that depict the current state of your infrastructure and can be easily interpreted without deep technical knowledge.
  • Demonstrate a consistent, reliable process for each stage of the compliance lifecycle — from assessment to remediation to enforcement.
  • Conduct regular scans to identify and remediate failures on a regular basis, so you can be confident in your compliance posture before an audit.

Request a demo

Want to see Puppet Comply firsthand? Complete the form and we’ll contact you to schedule a demo.

Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.