Puppet Adds CIS Benchmark Compliance Service

By: Mike Vizard on May 21, 2020

Puppet this week announced it has added a service that makes it easier to achieve compliance with benchmarks defined by the Center for Internet Security (CIS).


Yasmin Rajabi, global services strategy manager at Puppet, said the CIS Service offering from Puppet extends the ability to manage infrastructure as code into the realm of compliance. Via the service, analysts hired by Puppet will now scan infrastructure on behalf of customers and then generate a report identifying which machines do not meet CIS benchmarks.

The service also provides a list of the controls that pass or fail per node as well as scores intended to help IT teams triage issues, said Rajabi. If any drift from a previous level of compliance is detected, IT teams can then use Puppet tools to return those machines to a previous state, she noted.

The goal is to make available a service that automates what would otherwise be a time-consuming, monotonous task that internal IT teams would normally have to do themselves using scripts they would have to develop, she added.

Rajabi said Puppet decided to focus on CIS benchmarks because they are often considered foundational for any number of compliance mandates. Achieving CIS benchmark compliance is about 60% to 70% of the work that might be required to achieve mandates that are required in various vertical industry segments.

As IT environments become more complex, many IT teams don’t have the time to manually assess their compliance with multiple mandates. However, because of audits, many IT organizations wind up devoting a significant amount of time to compliance assessments. The CIS Service from Puppet offloads that task from IT departments in a way that produces reports that can be shared easily with an auditor, said Rajabi.

It’s not clear to what degree compliance is about to shift left along with cybersecurity. What is certain is that, in the wake of the COVID-19 pandemic, IT teams will be looking to automate every process imaginable simply because there may be no other way to accomplish a task. Many IT organizations have already either frozen headcount or been forced to reduce the size of their existing IT staff. A service that outsources a compliance process to specialists who are better equipped to handle that task might be a timely alternative.

Whatever the motivation, most IT teams have no trouble finding ways to contribute to their organization that add a lot more value than achieving compliance. In fact, because most IT teams tend to give the compliance process short shrift in the face of other pressing demands on their time, it’s likely mistakes will be made. Specialists who spend all their time on compliance assessments are likely to do a much better job in a fraction of the time. The challenge is making sure the IT staff doesn’t view that service as an existential threat. Of course, if they do, chances are high that the IT team in question has much bigger issues to address than simply making sure the right compliance report is being generated at the right time.
