One federal agency in the energy sector leveraged Puppet to take their Linux servers from 30% to 98% STIG compliance while saving a considerable amount on fines paid for noncompliance and gaining complete visibility over their infrastructure.
The National Security Agency (NSA) used Puppet as the underlying foundation for its Systems Integrity Management Platform (SIMP) to enable compliance with any major security standard.
Puppet announces GSA listing, Carahsoft partnership
Puppet Enterprise helps achieve security compliance with the Essential Eight
Australia plans to be one of the top three digital governments by 2025. The Australian Cyber Security Centre (ACSC) maps out the government’s approach to cyber security. A key tenet of the ACSC’s recommendations are the Essential Eight, a checklist of the eight crucial mitigation techniques to which non-corporate government entities must adhere in order to meet federal security compliance standards.
With Puppet Enterprise, you can deliver the controls and methods required to support compliance with six and a half of the Essential Eight.
|User application hardening||√|
|Restrict administrative privileges||√|
|Patch operating systems||√|
|Regular backups||1/2 √|
To learn more about how Puppet Enterprise supports the Essential Eight, read the blog post and download the special Puppet Enterprise for Australian Government packet.
Effortlessly achieve and maintain intelligent, continuous compliance with a wide variety of government platform and security standards.
Reduce transformation program costs by automating deployment and management, ensuring configuration changes don’t wreak havoc on mission-critical systems.
Puppet Enterprise helps agencies enforce security policies, define the desired state, and automatically monitor changes against that baseline—every 30 minutes.
Puppet automatically remediates systems back to their compliant state when a change is detected. This serves as an important security control for Risk Management Framework (RMF) programs.
STIG and other compliance activities are reduced from weeks or days down to minutes.
With Puppet Comply, you can assess your infrastructure against CIS and STIG Benchmarks, two sets of guidelines for secure system configuration from the Center for Internet Security (CIS) and the Defense Information Systems Agency respectively, and use Puppet Enterprise to enforce and bring sprawling IT infrastructures into compliance.
Keep deployment surprises to a minimum and make sure new apps are secure and operate as expected.
Agency DevSecOps teams can model any security-compliant IT environment—on-premises or in the cloud—then run apps in that simulated environment in an automated fashion.