Lockdown Enterprise is supported Ansible content feed that automates security baselines on operating systems, applications, and infrastructure.

Increase compliance

Focus your efforts on applying baseline automations across infrastructure, integrating them into your deployment, management, reporting, and CI/CD processes, and expanding the teams participating in compliance.

Save time

Spend time making sure environments are compliant, not writing and maintaining 100s of automation rules for each baseline, and trust that we'll keep the automation content updated when baselines or platforms change.

Flexiblity that Scales

Because you can't apply every baseline control without consequences (like breaking your app). Choose what you do and don't apply, and continue your validation and remediation practices across the lifecycle of your application.

GET STARTED

Features

In order to achieve DevSecOps, you need automated security content. We built Lockdown Enterprise with development, security and operations teams in mind.

Apply individual categories

- name: Security Stack
  hosts: someServers
  roles:
    - role: rhel7-stig
      rhel7stig_cat1: yes
‍

Exclude rules

- name: Security Stack
  hosts: someServers
  roles:
    - role: rhel7-stig
      exclude:
      - 'RHEL-07-010020'

Tailored logic

- name: Security Stack
  hosts: someServers
  roles:
    - role: rhel7-stig
      rhel7stig_lftpd_required: yes
      rhel7stig_firewall_service: iptables
‍

Getting started is as easy as using Ansible to automate.

Platforms and Pricing

Currently Supported

Red Hat Enterprise Linux 7 STIG
CentOS 7 STIG
Oracle Enterprise Linux 7 STIG
PostgreSQL 9 STIG
‍

Coming Soon

Red Hat Enterprise Linux 7 and CentOS 7 CIS
Windows Server 2016 STIG and CIS
Windows Server 2019 STIG and CIS
‍Amazon Linux 2 STIG and CIS
Tomcat 8 and 9 STIG

No host or node counting required. Ever.

Each baseline subscription can be used how you see fit and on as many hosts or containers as you need. No additional licensing required.

Ask yourself: how much are you spending doing this on your own?

CONTACT SALES FOR PRICING

Support

The support for your security demands

Instead of working through issues on your own, we're here to support you. Included in every subscription:

Access to our growing library of mitigating/compensating controls, or we'll help you automate one if needed.
Support to help diagnose automation or Lockdown Enterprise Ansible Role issues.
Earliest access to new automation content when platforms and baselines are revised.

CONTACT SUPPORT

Community

Join the community

GitHub

Upstream roles are split across multiple repositories, but we do keep track of them from the central Ansible-lockdown repo.

GitHub Repo

Mailing List

Have questions, ideas, or something else you want to share with the community? Check out our public mailing list.

Mailing List

IRC

Want to chat directly with the community? Find us on #ansible-lockdown on Freenode.
‍

FreeNode IRC

Resources

Learn more

The Lockdown Enterprise Value

Download a datasheet summarizing the value Lockdown Enterprise brings to security-conscious organizations.
‍

Get The VaLue Data sheet

Why Security Baselines are Better with Ansible

Learn about the three key reasons why using Ansible as the foundation for your security baselining requirements makes so much sense.

Get The Ansible Data sheet

Security Baselines,Made Easy.

Increase compliance

Save time

Flexiblity that Scales

Features

Apply individual categories

Exclude rules

Tailored logic

Platforms and Pricing

Currently Supported

Coming Soon

No host or node counting required. Ever.

Ask yourself: how much are you spending doing this on your own?

Support

The support for your security demands

Community

Join the community

GitHub

Mailing List

IRC

Resources

Learn more

The Lockdown Enterprise Value

Why Security Baselines are Better with Ansible

Security Baselines,
Made Easy.