Chef Compliance

Compliance with Speed and Efficiency

Maintain compliance and prevent security incidents across heterogeneous estates

Contact Sales

Maintain and Enforce Compliance
Across the Enterprise

Chef Compliance helps enterprises maintain compliance and prevent security incidents across heterogeneous estates while improving speed and efficiency.

Chef Compliance makes it easier than ever to maintain and enforce compliance across the enterprise, with standards-based audit and remediation content, easily tuned baselines to adapt to the organization’s needs, and visibility and control across hybrid and multi-cloud environments.

Chef Compliance Key Benefits 

Icon of paper with bullet points

Streamline Audits

Gain full visibility and easily manage waivers to eliminate 90% of the time spent on audits.

Icon of browser screen with graphs

Maintain Continuous Compliance

Close the loop between audit and remediation to ensure assets are always in compliance with CIS benchmarks and DISA STIGs.

Icon of accelerator

Easily Meet Enterprise Needs

Leverage certified, Chef-curated audit and remediation content that is easily tuned to organizational needs.

Chef Compliance:
 Maintain Compliance and Prevent Security Incidents

The need for IT security and compliance today is non-negotiable. For too long, this has meant uncomfortable trade-offs between risk and an organization’s ability to deliver solutions to the market with speed and efficiency. Whether required to adhere to regulatory standards, lacking visibility across heterogeneous infrastructure and applications, or unable to remediate findings, most enterprises struggle to stay secure and compliant. 

Chef Compliance helps organizations streamline their ability to stand up and maintain compliant IT infrastructure, whether on premises or in the cloud. Built on technology proven at extreme scale, including Chef InSpec, Chef Compliance leverages certified, curated audit and remediation content to help organizations quickly meet industry standards such as CIS benchmarks and DISA-STIGs. The product offers flexibility to easily apply and track waivers and tune controls to enterprise-specific needs.

Chef Compliance helps across all stages of the compliance workflow:

Acquire – customers access trusted content aligned to industry benchmarks for audit and remediation. With extensively tested, Chef curated, and CIS-certified content, organizations can get started quickly and ensure remediation actions align directly to audit results.

Define – Chef makes it easy to define compliance baselines and tune them to the organization’s unique needs. Flexible compliance waiver capabilities allow teams to turn on or off individual controls in order to avoid false positives and misconfigurations.

Detect – continuously monitor and evaluate compliance posture by detecting deviations from intended state at any point in the software delivery lifecycle.

Remediate – remediate non-compliance with policy-driven remediation capabilities that efficiently address individual controls in alignment with audit tests, encoding those fixes to enable continuous compliance. Remediation can be applied easily, without requiring coding skills.

Report – maintain comprehensive and up-to-date visibility across heterogeneous estates, easily view differences between baseline and remediated states, and track waiver status to enable fast and accurate audits any time.

Chef Compliance Audit

Screenshot of Chef Automate dashboard

Chef Compliance Audit helps security and operations teams maintain complete visibility over the compliance status of their estate. It comes with extensive audit content based on CIS and STIG benchmarks out of the box that can be easily tuned to meet specific needs of every organization. Chef Compliance Audit provides up-to-date visibility across any on prem or cloud environment.

Chef Compliance Remediation

Screenshot of Chef Automate dashboard

Chef Compliance Remediation helps close the loop between audit and remediation to enable continuous compliance in the enterprise. New remediation functionality and trusted, standards-based content makes it easy to remediate issues uncovered during audits without writing any code. 

Chef Compliance also has the extensibility and flexibility to allow for customization of pre-packaged remediation content that can be modified to accommodate for corporate specific needs through code.

Screenshot of Visual Studio Code demo

Chef Compliance Use Cases

Icon of shield

Audit for Security

Continuously assess security and easily customize and update testing when new vulnerabilities are published.

Icon of checkboxes

Audit for Compliance

Report on compliance checks against CIS benchmarks or DISA sandards in order to maintain continuous compliance.

Icon of cycle with circle in middle

Continuous Compliance

Monitor and remediate any deviations to compliance posture across environments continuously.

Icon of ticked off checkboxes

Regulatory Compliance

Leverage predefined benchmarks or fine-tune compliance profiles to address organizational specific requirements.

Icon of padlock

Government Compliance

Predefined DISA STIG and CIS benchmark profiles help accelerate the Authority-To-Operate (ATO) in highly regulated federal organizations.

 

Icon of timer in motion

Accelerate Delivery

Deliver faster business value as infrastructure and application compliance is built into the SDLC.

Chef Compliance Core Features

Chef Curated Content to Jump Start Compliance 

Customers access Chef curated trusted content for audit that is directly aligned to CIS (Center for Internet Security) benchmarks or DISA Security Technical Implementation Guides. Also now with newly available Chef Compliance Remediation content, organizations can ensure remediation actions align directly to audit results.

Infrastructure

Audit

Remediation

CIS Amazon Linux 2 – Level 1 & 2 – Server

Yes

 

CIS CentOS Linux 7 – Level 1 & 2 – Server 

Yes

Yes 

CIS CentOS Linux 8 – Level 1 & 2 – Server 

Yes

Yes 

CIS Debian Linux 9 – Level 1 & 2 – Server 

Yes

Yes

CIS Microsoft Windows Server 2012 R2 – Level 1 & 2 – Domain Controller

Yes

 

CIS Microsoft Windows Server 2016 – Level 1 & 2 – Domain Controller

Yes

 

CIS Microsoft Windows Server 2016 – Level 1 & 2 – Member Server

Yes

 

CIS Red Hat Enterprise Linux 6 – Level 1 & 2 – Server 

Yes

 

CIS Red Hat Enterprise Linux 7 – Level 1 & 2 – Server 

Yes

Yes

CIS Red Hat Enterprise Linux 8 – Level 1 & 2 – Server 

Yes

Yes

CIS Ubuntu Linux 18.04 – Level 1 & 2 – Server

Yes

Yes

DISA STIG Red Hat Enterprise Linux 6

Yes

 

DISA STIG Red Hat Enterprise Linux 7

Yes

 

DISA STIG Microsoft Windows Server 2012 R2 – Member Server

Yes

 

DISA STIG Microsoft Windows Server 2016

Yes

 

DISA STIG Microsoft Windows Server 2019

Yes

 

 

Cloud 

Audit

Remediate

CIS Amazon Web Services Foundation Benchmark – Level 1 & 2

Yes

 

CIS Azure Foundations Benchmark – Level 1 & 2

Yes

Yes

CIS Docker Community Edition Benchmark – Level 1 & 2

Yes

Yes

CIS Google Cloud Platform Foundation Benchmark – Level 1 & 2

Yes

 

CIS Kubernetes Benchmark – Level 1 & 2

Yes

Yes

CIS Microsoft 365 Foundations Benchmark – Level 1 & 2

Yes

Yes

Consolidated Fleet Visibility Dashboard

A specially tailored compliance centric dashboard allows organizations to gain deep insights into the state of their fleets. The Chef Compliance dashboard enables IT infrastructure and Information Security teams to maintain continuous visibility into the compliance status of the entire fleet.

Screenshot of Chef Automate dashboard

Screenshot of Compliance Reports on dashboard
Screenshot of Profiles on dashboard

Track, Audit and Apply Waivers to Changes

Through Chef Compliance teams can audit various endpoints for compliance against CIS benchmarks or DISA standards, while viewing the aggregated compliance state of the entire fleet. Chef Compliance allows organizations to flexibly apply waivers and provide a business justification for skipped controls, with the ability to apply end dates to determine when a waiver or control should be remediated, or allow for the waiver to be permanent.

Continuous Compliance Monitoring

With Chef Compliance, organizations can consistently enforce security based on industry standards, such as Center for Internet Security (CIS) benchmarks and DISA-STIGs. Users can also create custom profiles to meet any enterprise role-specific infrastructure or compliance policies so they are able to detect security or compliance issues and automatically correct them to maintain continuous compliance.

Rapid Remediation at Scale

Chef Compliance allows for correction or remediation of configuration drifts from desired state for a single device or up to the entire fleet, from a single pane of glass. Organizations can monitor device compliance state and either automatically or as needed reconfigure the IT resource back into compliance. 

Cerner

“We use compliance as code as a vehicle to unite all of our stakeholders. With it, you can articulate your security posture and, more importantly, produce a versionable artifact that represents that posture… Scaling beyond humans with compliance-as-code saves you and your system owners time, but auditors should also understand the time savings they are going to gain.”

Kyle Harper
Lead Engineering Manager, Cerner

Read the customer story

Recommended Content

Graphic of video player screenWebinar

New Research: Bring Security to DevOps

Watch now

Graphic with desktop screen and two speech bubblesCustomer Story

Continuous Compliance at Haventec

Read more

Ready to Get Started with Chef Compliance?

Contact SalesView Pricing