Security Baselines,
Made Easy.

Supported Ansible content that automates security baselining on operating systems, applications, and infrastructure.


Save time

Spend time making sure environments are compliant, not writing and maintaining 100s of automation rules for each baseline, and trust that we'll keep the automation content updated when baselines or platforms change.

Increase compliance

Focus your efforts on applying baseline automations across infrastructure, integrating them into your deployment, management, reporting, and CI/CD processes, and expanding the teams participating in compliance.

Flexiblity that Scales

Because you can't apply every baseline control without consequences (like breaking your app). Choose what you do and don't apply, and continue your validation and remediation practices across the lifecycle of your application.


In order to achieve DevSecOps, you need automated security content. We built Lockdown Enterprise with development, security and operations teams in mind.

Apply individual categories

- name: Security Stack
hosts: someServers
    - role: rhel7-stig
      rhel7stig_cat1: yes

Exclude rules

- name: Security Stack
hosts: someServers
    - role: rhel7-stig
      - 'RHEL-07-010020'

Tailored logic

- name: Security Stack
hosts: someServers
    - role: rhel7-stig
rhel7stig_lftpd_required: yes
      rhel7stig_firewall_service: iptables

Getting started is as easy as using Ansible to automate.

Platforms and Pricing

Currently Supported

Red Hat Enterprise Linux 7 STIG and CIS
CentOS 7 STIG and CIS
Oracle Enterprise Linux 7 STIG
Windows Server 2016 STIG
Windows 10 STIG
PostgreSQL 9 STIG

Coming Soon

Red Hat Enterprise Linux 7 and 8 DFARS
Windows Server 2016 CIS
Windows Server 2016, 2019 DFARS
Windows Server 2019 STIG and CIS
‍Amazon Linux 2 STIG and CIS
Tomcat 8 and 9 STIG

No host or node counting required. Ever.

Platform Baselines are $25,000 per year.
Application Baselines are $12,500 per year.

Each baseline subscription can be used how you see fit and on as many hosts or containers as you need. No additional licensing required.
Ask yourself: how much are you spending doing this on your own?


The support for your security demands

Instead of working through issues on your own, we're here to support you. Included in every subscription:


Join our community


Upstream roles are split across multiple repositories, but we do keep track of them from the central Ansible-lockdown repo.

Mailing List

Have questions, ideas, or something else you want to share with the community? Check out our public mailing list.


Want to chat directly with the community? Find us on #ansible-lockdown on Freenode.


Learn more

The Lockdown Enterprise Value: Why Use Us?

Download a datasheet summarizing the value Lockdown Enterprise brings to security-conscious organizations.

Why Ansible is Great for Security Baselines

Learn about the three key reasons why using Ansible as the foundation for your security baselining requirements makes so much sense.

Blog: It’s past time we modernized security hardening procedures

Learn how security baseline automation of STIG and CIS controls with Ansible is improving resource management and compliance.

Read the blog


STIG CIS Benchmark Automation with Ansible