Puppet Enterprise helps agencies enforce security policies, define desired state and automatically monitor changes against that baseline.
Puppet automatically remediates systems back to their compliant state, when a change is detected. This serves as an important security control for Risk Management Framework (RMF) programs.
STIG and other compliance activities are reduced from weeks or days down to minutes. Now you can automate the laborious processes of bringing sprawling IT infrastructures into compliance with security configuration policies, keeping them in compliance, and producing audit trails to demonstrate compliance.
DevSecOps teams can model security-compliant IT environments — whether cloud-based or on premises — in an automated fashion to develop and test software so new applications run, operate, and are secure as expected. Moreover, with a common language, teams can successfully adopt DevSecOps practices, such as version control, code review, automated testing, continuous integration and automated deployment.
Robust, automated, real-time reporting capabilities satisfy Command Cyber Readiness Inspections (CCRIs), inspector general’s audits, or internal security team audits. You can easily push out new security configurations and document those steps.
With rich, graphical reporting, security teams and auditors know exactly how infrastructures and applications are configured. Track changes in real time, including who made changes and why — which translates into quicker, less costly audits and faster remediation of any issues that arise due to configuration changes.
Automate the laborious processes involved in managing security compliance, IT infrastructure administration, and software delivery so agencies’ IT staffs can focus more on innovation, not maintenance.
NASA SEWP GWAC