Remediate, Validate, Repeat.

Ansible makes you a hero. Our roles will make you a superhero.

We built Lockdown Enterprise for teams to remediate STIG and CIS. Learn more about how Lockdown Enterprise fits into nearly any environment and workflow.

Built for teams

Our Ansible content can be used by entire teams to ensure deployed systems and applications are compliant.

Built-in scoring

Automatically take a pre and post-run remediation score using OpenSCAP. Use this NIST-approved reporting to demonstrate compliance or add your own code to manipulate the output into whatever format you need.

Compliance drift management

We built our content to be repeatedly run on systems, so the same content works with new deployments and existing infrastructure.


Turn individual rules on or off or disable entire classes or categories. Configuration options are just Ansible variables, so changing what controls are applied per host, or per best practices, is as simple as changing a variable at execution time.

Deploy compliant and secure systems

Apply Lockdown content to systems at deployment time to ensure your newly deployed applications are compliant from day zero.

Flexible output

Automatically copy scoring runs to a SIEM or central logging location of your choice.

Ongoing compliance validation

Lockdown Enterprise Roles can be run in a validation (think check mode) or remediation mode. Safely see what controls will be applied before making the decision to remediate them.

Run Ansible your way

From the command line, from a Red Hat Ansible Tower Job or Workflow, your CI/CD tool like Jenkins, or via any other management tool that understands Ansible. The same content can be used from as many different tools needed to ensure full lifecycle coverage.

Yes, there's a demo.  Check out the RHEL 7 STIG Role being applied using Red Hat Ansible Tower.

Watch the Demo

Automate On

Ready to get on with it? Let's start automating those baselines already!