STIG and CIS Compliance Automation

With Ansible Lockdown you can automate, validate, and remediate system configuration compliance to NIST, PCI, HIPAA, and other regulatory requirements.

Watch DemoLearn More

Why Automate with Ansible Lockdown
Baselines like STIG and CIS don't need to be so difficult. Lockdown's Ansible content collection is designed and built to be as flexible as it is powerful.

Colorful code on a screen.

Compliance belongs in code

Delivering compliance across your infrastructure requires a significant amount of automated content. Content that you used to have to write and maintain yourself. Not anymore. Compliance configurations live right next to your application and deployment code. Override specific requirements on a system-by-system basis. You have complete control.

People typing on laptops.

DevSecOps delivered

Applying CIS (Center for Internet Security) or STIG (Secure Technical Implementation Guides) is a must-have to meet PCI, HIPAA, NIST, CMMC, FedRAMP and other regulatory compliance requirements. However, it's still challenging because automation at this scale and complexity is hard (trust us, we know!). This is where we come in.

Man holding card saying "There are Rules"

A lifecycle of compliance

Compliance can’t just happen at build time, it needs be at run time, too. Can your existing tools and process accommodate changes to compliance requirements and repeatedly enforce a desired state across the entire system or application lifecycle? If not, that’s just more work for your teams, and more risk to your business.

Coverage for STIG and CIS Requirements. Easy, fast, and secure.

Platform

AMAZON Linux 2
AMAZON Linux 2023
Debian 12 | 11
RHEL 9 | Rocky 9 | Alma 9
RHEL 8 | Rocky 8 | Alma 8
RHEL 7 | Rocky 7 | Alma 7
Ubuntu 24 | 22 | 20 | 18
Windows 11 Windows 1
Windows Server 2022 | 2019 | 2016
Windows Firewall and Advanced Security

Cloud

Azure
AWS Foundations

Containers

Kubernetes 1.6.1

Applications

Apache HTTP
Apache Tomcat 9
PostgreSQL 12
PostgreSQL 9

Networking

CISCO IOS L2S Switches

Custom Requirements

We can automate and support nearly any custom requirement.

Automate remediation. Supercharge yourself.

MORE BENEFITS ->
Increase compliance

Increase compliance

Compliance is risk management, and while compliance and security are not the same thing, properly applied compliance frameworks absolutely increase system security as well. Using Lockdown Enterprise to automate baseline application on a continual basis will increase overall environment compliance to important compliance frameworks.
Save time

Save time

Let the computers do the work for you! Using our pre-built and tested automation lets you focus on other things. Our team of security and Ansible experts have already spent thousands of hours perfecting each baseline control. Spend your time automating compliance, not authoring hundreds of automated controls. And audit cycles become drastically easier to handle.
Reduce cost

Reduce cost

One set of content will work across your entire environment, no additional per-system licensing needed. Avoid additional costs for a variety of compliance tools and return the time you save into more valuable projects.

We've spent our careers dealing with baselines.
Ansible Lockdown was designed to solve your baseline challenges.

Built for teams

Our Ansible content can be used by entire teams to ensure deployed systems and applications are compliant.

Built-in scoring

Automatically take a pre and post-run remediation score. Use this NIST-approved reporting to demonstrate compliance or add your own code to manipulate the output into whatever format you need.

Compliance drift management

We built our content to be repeatedly run on systems, so the same content works with new deployments and existing infrastructure.

Customizable

Turn individual rules on or off or disable entire classes or categories. Configuration options are just Ansible variables, so changing what controls are applied per host, or per best practices, is as simple as changing a variable at execution time.

Deploy compliant and secure systems

Apply Lockdown content to systems at deployment time to ensure your newly deployed applications are compliant from day zero.

Flexible output

Automatically copy scoring runs to a SIEM or central logging location of your choice.

Ongoing compliance validation

Lockdown Enterprise Roles can be run in a validation (think check mode) or remediation mode. Safely see what controls will be applied before making the decision to remediate them.

Open source

Lockdown Enterprise is a MindPoint Group led and sponsored, with a community of contributors that help make the Roles continuously better.

Yes, there's a demo.  Check out the RHEL 9 CIS Role being applied using Red Hat Ansible.

Built for teams. Automation is required for DevOps, and you can't implement DevSecOps without automated security and baseline content. Lockdown is built for IT Operations, Development, Security, DevOps, and any other team

HOW YOU CAN USE IT ->

IT Operations

Use Lockdown Enterprise content to remediate systems as you deploy them. Integrate compliance automation into your existing systems management framework by using the compliance content to validate your systems’ baseline compliance standards. Rest easy knowing your systems are secured and compliant to standards, and quickly identify and correct configuration drift as it happens.

Test and QA Engineers

Lockdown Enterprise Ansible Roles enable you to keep your test and QA environments more closely configured to production, ensuring that when applications reach you for testing and ultimate deployment, they’ll behave and function as expected.

Development

Ever worked on an application that works everywhere except production? Chances are compliance is to blame. Lockdown Enterprise content enables you to configure your development environment to more closely resemble production. Use our Lockdown Roles to repeatedly deploy your development environments in any infrastructure you’re comfortable with. It’s even container aware.

Features. Lockdown is built by automation and security experts that know the pain of baselines.

ALL FEATURES ->

Built for teams

Our Ansible content can be used by entire teams to ensure deployed systems and applications are compliant.

Built-in scoring

Automatically take a pre and post-run remediation score. Use this NIST-approved reporting to demonstrate compliance or add your own code to manipulate the output into whatever format you need.

Compliance drift management

We built our content to be repeatedly run on systems, so the same content works with new deployments and existing infrastructure.

Automate On

Ready to start automating your compliance controls?