homeproductspuppet comply
product web COMPLY

Puppet Comply

Automate and enforce policy as code.
Achieve continuous compliance without sacrificing agility.
Request a demo Read the solution brief 

What is Puppet Comply?

Puppet Comply enables continuous compliance across hybrid infrastructure with less overhead and manual work. Get a holistic view of compliance status throughout cloud and on-prem environments, generate reports to easily prove that systems remain in check, and enforce immutable policy as code with expert-built content and modules configured to your environment.

By 2023, 60% of organizations in regulated verticals will have integrated compliance as code into their DevOps toolchains, improving their lead time by at least 20%.
Innovation Insight for Continuous Compliance Automation, Gartner, August 2020
CIS Benchmarks RGB TM
CIS Benchmarks RGB TM

Define a secure baseline with CIS Benchmarks™

Puppet Comply assesses your infrastructure against CIS Benchmarks, a set of guidelines for secure system configuration from the Center for Internet Security (CIS).
Developed by a community of cybersecurity experts, CIS Benchmarks are widely adopted by organizations worldwide and serve as a baseline for many common regulatory requirements, including PCI, NIST and FISMA, HIPAA, GDPR, ISO/IEC 27001.
Dashboard Scan Results

Get a holistic view of compliance status

Puppet Comply scans your hybrid infrastructure to assess compliance with CIS Benchmarks, providing a clear view of compliance status for each node in your estate.

  • Puppet Comply maps controls to your infrastructure — using classification data such as operating system, version, role, and environment — so you know exactly which settings and configurations need to be applied to each system.
  • Don’t waste time chasing false positives. Quickly identify the cause and source of compliance failures with node-level scan results, and drill into benchmark details for guidance on how to remediate failures.
  • Eliminate manual exception handling. Define custom profiles to disable the rules you don’t want to enforce and scan only for the ones that apply.
Dashboard Scan Results
Comply Detailed Activity Feed
Comply Detailed Activity Feed

Verify remediation with on-demand scans

Enable IT Operations teams to take a proactive approach to compliance. With Puppet Comply, Ops teams can run their own scans to immediately verify that failures have been remediated and that systems have been brought under compliance.

  • Close the gap between remediation and the next scan, when systems may be out of compliance without your knowledge.
  • Eliminate bottlenecks caused by cross-functional dependencies, such as coordination of scanning windows.

Remediate compliance failures at scale

Remediate failures and establish a baseline for compliance using modules created by Puppet experts and configured to your environment.

web icon automation
Automate Configurations

Define compliant configurations once and automatically apply them to hundreds or thousands of nodes, whether they live in the cloud or on premises.

web icon Learn
Expert Knowledge

Bridge skill and resource gaps by leveraging Puppet expertise.

web icon compliance
Maintain Benchmarks

Enable your team to maintain compliance with a documented framework for making changes and addressing benchmark updates.

Automate policy enforcement with compliance as code


Define compliance policies as code to incorporate compliant configurations into your baseline, automatically apply the appropriate settings to every system in your infrastructure, and enforce a compliant state with automatic drift detection and correction.

  • Puppet Enterprise continuously checks your infrastructure against the baseline configurations you’ve defined and makes a corrective change if a system drifts from its compliant state.
  • Apply policies to node groups classified by operating system, role, or environment, so new systems automatically inherit environment-specific configurations.
We can generate a report for the exact data [auditors] are looking for. If someone were to request a list of Windows servers in dev running an outdated agent, we can easily drill down into specifics using the intuitive Puppet console. We keep track of compliance and security on a very continuous basis.
Mohinder Singh, Senior Cloud Engineer, Guardian Life
puppet docs comply
puppet docs comply

Reduce the burden of audit preparation

Audits don’t have to be an expensive fire drill. Prove infrastructure-wide compliance with reports that are easy to generate and understand.

  • Generate automatically updated reports that depict the current state of your infrastructure and can be easily interpreted without deep technical knowledge.
  • Demonstrate a consistent, reliable process for each stage of the compliance lifecycle — from assessment to remediation to enforcement.
  • Conduct regular scans to identify and remediate failures on a regular basis, so you can be confident in your compliance posture before an audit.