Not an Ansible user yet, but challenged by the need to remain STIG compliant? Getting started with Ansible is easy.
Access the STIG role through Ansible Galaxy.
Interested in staying updated on the work that MindPoint Group and Ansible are doing with automated STIG roles? Sign up for updates below.
OS Support - Supports RHEL 6 and variants today, with more Linux and Windows versions coming soon.
Vulneratbility Category Detection and Correction
As of 26 Feb 2015:
The Role does not automatically correct every finding as some are build-time (i.e. partitioning requirements) that are not safe to automatically remediate in a generic fashion.
Secure - Every committed update to the STIG project is reviewed by the Ansible and MindPoint Group teams, and results of the Role application are run through an automated testing gauntlet involving the use of OpenSCAP and STIGMA. The current status of the roles is viewable in the ansible-lockdown README.
Community - Like all OpenSource projects, the more users and contributors to the project, the better the result and functionality will be. Want to particpate?
Free and Open - Like Ansible Core, the STIG role is provided free-of-charge, however many customers find that the STIG role plus Ansible Tower provide unprecedented benefits and capabilities when applying and managing STIG compliance across a large set of systems. For deeper level assistance with your IT Security posture, MindPointGroup is Ansible’s recommendation.