Security Baselines,
Made Easy.

Supported Ansible content that automates security baselining on operating systems, applications, and infrastructure.
WATCH DEMOCONTACT US

Value

Save time

Spend time making sure environments are compliant, not writing and maintaining 100s of automation rules for each baseline, and trust that we'll keep the automation content updated when baselines or platforms change.

Increase compliance

Focus your efforts on applying baseline automations across infrastructure, integrating them into your deployment, management, reporting, and CI/CD processes, and expanding the teams participating in compliance.

Flexiblity that Scales

Because you can't apply every baseline control without consequences (like breaking your app). Choose what you do and don't apply, and continue your validation and remediation practices across the lifecycle of your application.

Features

In order to achieve DevSecOps, you need automated security content. We built Lockdown Enterprise with development, security and operations teams in mind.

Apply individual categories

- name: Security Stack
  
hosts: someServers
  
roles:
    - role: rhel7-stig
      rhel7stig_cat1: yes

Exclude rules

- name: Security Stack
  
hosts: someServers
  
roles:
    - role: rhel7-stig
      exclude:
      - 'RHEL-07-010020'

Tailored logic

- name: Security Stack
  
hosts: someServers
  
roles:
    - role: rhel7-stig
      
rhel7stig_lftpd_required: yes
      rhel7stig_firewall_service: iptables

Getting started is as easy as using Ansible to automate.

Platforms and Pricing

Currently Supported

Red Hat Enterprise Linux 7 STIG
CentOS 7 STIG
Oracle Enterprise Linux 7 STIG
Windows Server 2016 STIG
Windows 10 STIG
PostgreSQL 9 STIG

Coming Soon

Red Hat Enterprise Linux 7 and CentOS 7 CIS
Windows Server 2016 CIS
Windows Server 2019 STIG and CIS
‍Amazon Linux 2 STIG and CIS
Tomcat 8 and 9 STIG


No host or node counting required. Ever.

Platform Baselines are $25,000 per year.
Application Baselines are $12,500 per year.

Each baseline subscription can be used how you see fit and on as many hosts or containers as you need. No additional licensing required.
Ask yourself: how much are you spending doing this on your own?

Support

The support for your security demands

Instead of working through issues on your own, we're here to support you. Included in every subscription:

Community

Join our community

GitHub

Upstream roles are split across multiple repositories, but we do keep track of them from the central Ansible-lockdown repo.

Mailing List

Have questions, ideas, or something else you want to share with the community? Check out our public mailing list.

IRC

Want to chat directly with the community? Find us on #ansible-lockdown on Freenode.

Resources

Learn more

The Lockdown Enterprise Value: Why Use Us?

Download a datasheet summarizing the value Lockdown Enterprise brings to security-conscious organizations.

Why Ansible is Great for Security Baselines

Learn about the three key reasons why using Ansible as the foundation for your security baselining requirements makes so much sense.