Remediate, Validate, Repeat.

Ansible makes you a hero. Lockdown content makes you a superhero.

We've spent our careers dealing with baselines. Ansible Lockdown was designed to solve your baseline challenges.

Built for teams

Our Ansible content can be used by entire teams to ensure deployed systems and applications are compliant.

Built-in scoring

Automatically take a pre and post-run remediation score. Use this NIST-approved reporting to demonstrate compliance or add your own code to manipulate the output into whatever format you need.

Compliance drift management

We built our content to be repeatedly run on systems, so the same content works with new deployments and existing infrastructure.


Turn individual rules on or off or disable entire classes or categories. Configuration options are just Ansible variables, so changing what controls are applied per host, or per best practices, is as simple as changing a variable at execution time.

Deploy compliant and secure systems

Apply Lockdown content to systems at deployment time to ensure your newly deployed applications are compliant from day zero.

Flexible output

Automatically copy scoring runs to a SIEM or central logging location of your choice.

Ongoing compliance validation

Lockdown Enterprise Roles can be run in a validation (think check mode) or remediation mode. Safely see what controls will be applied before making the decision to remediate them.

Open source

Lockdown Enterprise is a MindPoint Group led and sponsored, with a community of contributors that help make the Roles continuously better.

There's a demo.  Check out the RHEL 9 STIG Role being applied using Red Hat Ansible Tower.

Watch the Demo

Automate On

Ready to get started? Start automating your baselines already!