STIG and CIS Compliance Automation

With Ansible Lockdown you can automate, validate, and remediate system configuration compliance to NIST, PCI, HIPAA, and other regulatory requirements.


Why Automate with Ansible Lockdown
Baselines like STIG and CIS don't need to be so difficult. Lockdown's Ansible content collection is designed and built to be as flexible as it is powerful.


Compliance belongs in code

Delivering compliance across your infrastructure requires a significant amount of automated content. Content that you used to have to write and maintain yourself. Not anymore. Compliance configurations live right next to your application and deployment code. Override specific requirements on a system-by-system basis. You have complete control.


DevSecOps delivered

Applying CIS (Center for Internet Security) or STIG (Security Technical Implementation Guides) is a must-have to meet PCI, HIPAA, NIST, CMMC, FedRAMP and other regulatory compliance requirements. However, it's still challenging because automation at this scale and complexity is hard (trust us, we know!). This is where we come in.


A lifecycle of compliance

Compliance can’t just happen at build time; it needs to be at run time, too. Can your existing tools and process accommodate changes to compliance requirements and repeatedly enforce a desired state across the entire system or application lifecycle? If not, that’s just more work for your teams, and more risk to your business.

Coverage for STIG and CIS Requirements. Easy, fast, and secure.


RHEL 8 / Rocky 8 / Alma 8
RHEL 7 / Rocky 7 / Alma 7
Ubuntu 18
Ubuntu 20
Windows Server 2016
Windows Server 2019
Windows 10
Windows Firewall and Advanced Security
Amazon Linux 2


AWS Foundations

Kubernetes 1.6.1


Apache HTTP
Apache Tomcat 9
PostgreSQL 9
PostgreSQL 12


CISCO L2 IOS Switches

Custom Requirements

We can automate and support nearly any custom requirement.

Automate remediation. Supercharge yourself.

Increase compliance

Compliance is risk management, and while compliance and security are not the same thing, properly applied compliance frameworks absolutely increase system security as well. Using Lockdown Enterprise to automate baseline application on a continual basis will increase overall environment compliance to important compliance frameworks.
Save time

Let the computers do the work for you! Using our pre-built and tested automation lets you focus on other things. Our team of security and Ansible experts has already spent thousands of hours perfecting each baseline control. Spend your time automating compliance, not authoring hundreds of automated controls. And audit cycles become drastically easier to handle.
Reduce cost

One set of content will work across your entire environment, no additional per-system licensing needed. Avoid additional costs for a variety of compliance tools and return the time you save into more valuable projects.

Built for teams. Automation is required for DevOps, and you can't implement DevSecOps without automated security and baseline content. Lockdown is built for IT Operations, Development, Security, DevOps, and any other team.


IT Operations

Use Lockdown Enterprise content to remediate systems as you deploy them. Integrate compliance automation into your existing systems management framework by using the compliance content to validate your systems’ baseline compliance standards. Rest easy knowing your systems are secured and compliant to standards, and quickly identify and correct configuration drift as it happens.

Test and QA Engineers

Lockdown Enterprise Ansible Roles enable you to keep your test and QA environments more closely configured to production, ensuring that when applications reach you for testing and ultimate deployment, they’ll behave and function as expected.


Ever worked on an application that works everywhere except production? Chances are compliance is to blame. Lockdown Enterprise content enables you to configure your development environment to more closely resemble production. Use our Lockdown Roles to repeatedly deploy your development environments in any infrastructure you’re comfortable with. It’s even container aware.

Features. Lockdown is built by automation and security experts that know the pain of baselines.


Built for teams

Our Ansible content can be used by entire teams to ensure deployed systems and applications are compliant.

Built-in scoring

Automatically take a pre- and post-run remediation score. Use this NIST-approved reporting to demonstrate compliance or add your own code to manipulate the output into whatever format you need.

Compliance drift management

We built our content to be repeatedly run on systems, so the same content works with new deployments and existing infrastructure.

Automate On

Ready to get started? Start automating your baselines already!