Deploy STIG and CIS Compliant Infrastructure

Automate, validate, and remediate system configuration compliance to NIST, PCI, HIPPA, and other regulatory requirements using Ansible.

Watch DemoLearn More

Why Automate with Lockdown Enterprise: It's a full collection of Ansible Role content that makes it easy to meet regulatory and cybersecurity requirements.

Colorful code on a screen.

Compliance belongs in code

Delivering compliance across your infrastructure requires a significant amount of automated content. Content that you used to have to write and maintain yourself. Not anymore. Compliance configurations live right next to your application and deployment code. Override specific requirements on a system-by-system basis. You have complete control.

People typing on laptops.

DevSecOps delivered

Applying CIS and STIG to meet PCI, HIPPA, NIST, CMMC, FedRAMP or other regulatory compliance requirements is a hard requirement. However, it remains still a persistent challenge because automation at this scale and complexity is hard (trust us, we know!). Leave that to our experts.

Man holding card saying "There are Rules"

A lifecycle of compliance

Compliance can’t just happen at build time, it needs be at run time, too. Can your existing tools and process accommodate changes to compliance requirements and repeatedly enforce a desired state across the entire system or application lifecycle? If not, that’s just more work for your teams, and more risk to your business.

Full coverage for STIG and CIS Requirements,  make it fast and easy to secure your systems.

Microsoft Windows Server

Windows Server 2016
Windows Server 2019

Red Hat Enterprise Linux

RHEL 6, 7, and 8
CentOS 6, 7, and 8
Oracle Linux 6, 7, and 8


Apache Tomcat 9
Apache httpd 2.4
PostgeSQL 9

Custom Requirements

We can automate and support nearly any custom requirement.

Automate remediation,  supercharge yourself.


Increase compliance

Compliance is risk management, and while compliance and security are not the same thing, properly applied compliance frameworks absolutely increase system security as well. Using Lockdown Enterprise to automate baseline application on a continual basis will increase overall environment compliance to important compliance frameworks.

Save time

Let the computers do the work for you! Using our pre-built and tested automation lets you focus on other things. Our team of security and Ansible experts have already spent thousands of hours perfecting each baseline control. Spend your time automating compliance, not authoring hundreds of automated controls. And audit cycles become drastically easier to handle.

Reduce cost

One set of content will work across your entire environment, no additional per-system licensing needed. Avoid additional costs for a variety of compliance tools and return the time you save into more valuable projects.

Easy compliance for DevSecOps. Compliance and cybersecurity is everyone in IT’s responsibility. Whether your job is IT Operations, Development, Security, DevOps, or something else, our content is built for you to use. DevSecOps requires that teams collaborate and cooperate across functional areas. Doing that requires an easy way to define what compliance looks like. We made Lockdown Enterprise to be that way.


IT Operations

Use Lockdown Enterprise content to remediate systems as you deploy them. Integrate compliance automation into your existing systems management framework by using the compliance content to validate your systems’ baseline compliance standards. Rest easy knowing your systems are secured and compliant to standards, and quickly identify and correct configuration drift as it happens.

Test and QA Engineers

Lockdown Enterprise Ansible Roles enable you to keep your test and QA environments more closely configured to production, ensuring that when applications reach you for testing and ultimate deployment, they’ll behave and function as expected.


Ever worked on an application that works everywhere except production? Chances are compliance is to blame. Lockdown Enterprise content enables you to configure your development environment to more closely resemble production. Use our Lockdown Roles to repeatedly deploy your development environments in any infrastructure you’re comfortable with. It’s even container aware.

Features. Lockdown Enterprise is built by automation and security experts.


Built for teams

Our Ansible content can be used by entire teams to ensure deployed systems and applications are compliant.

Built-in scoring

Automatically take a pre and post-run remediation score using OpenSCAP. Use this NIST-approved reporting to demonstrate compliance or add your own code to manipulate the output into whatever format you need.

Compliance drift management

We built our content to be repeatedly run on systems, so the same content works with new deployments and existing infrastructure.

Automate On

Ready to get on with it? Let's start automating those baselines already!