With Ansible Lockdown you can automate, validate, and remediate system configuration compliance to NIST, PCI, HIPAA, and other regulatory requirements.
Watch DemoLearn MoreDelivering compliance across your infrastructure requires a significant amount of automated content. Content that you used to have to write and maintain yourself. Not anymore. Compliance configurations live right next to your application and deployment code. Override specific requirements on a system-by-system basis. You have complete control.
Applying CIS (Center for Internet Security) or STIG (Secure Technical Implementation Guides) is a must-have to meet PCI, HIPAA, NIST, CMMC, FedRAMP and other regulatory compliance requirements. However, it's still challenging because automation at this scale and complexity is hard (trust us, we know!). This is where we come in.
Compliance can’t just happen at build time, it needs be at run time, too. Can your existing tools and process accommodate changes to compliance requirements and repeatedly enforce a desired state across the entire system or application lifecycle? If not, that’s just more work for your teams, and more risk to your business.
AMAZON Linux 2
AMAZON Linux 2023
Debian 12 | 11
RHEL 9 | Rocky 9 | Alma 9
RHEL 8 | Rocky 8 | Alma 8
RHEL 7 | Rocky 7 | Alma 7
Ubuntu 24 | 22 | 20 | 18
Windows 11 Windows 1
Windows Server 2022 | 2019 | 2016
Windows Firewall and Advanced Security
Azure
AWS Foundations
Kubernetes 1.6.1
Apache HTTP
Apache Tomcat 9
PostgreSQL 12
PostgreSQL 9
CISCO IOS L2S Switches
We can automate and support nearly any custom requirement.
Our Ansible content can be used by entire teams to ensure deployed systems and applications are compliant.
Automatically take a pre and post-run remediation score. Use this NIST-approved reporting to demonstrate compliance or add your own code to manipulate the output into whatever format you need.
We built our content to be repeatedly run on systems, so the same content works with new deployments and existing infrastructure.
Turn individual rules on or off or disable entire classes or categories. Configuration options are just Ansible variables, so changing what controls are applied per host, or per best practices, is as simple as changing a variable at execution time.
Apply Lockdown content to systems at deployment time to ensure your newly deployed applications are compliant from day zero.
Automatically copy scoring runs to a SIEM or central logging location of your choice.
Lockdown Enterprise Roles can be run in a validation (think check mode) or remediation mode. Safely see what controls will be applied before making the decision to remediate them.
Lockdown Enterprise is a MindPoint Group led and sponsored, with a community of contributors that help make the Roles continuously better.
Our Ansible content can be used by entire teams to ensure deployed systems and applications are compliant.
Automatically take a pre and post-run remediation score. Use this NIST-approved reporting to demonstrate compliance or add your own code to manipulate the output into whatever format you need.
We built our content to be repeatedly run on systems, so the same content works with new deployments and existing infrastructure.