Content Library
Security content for validation, hardening, and developer libraries across platforms and compliance standards.
AWS CIS
AWS CIS Foundations security validation
AWS Foundations CIS - Ansible Lockdown
AWS Foundations CIS - Terraform
AWS MSQL 2014 STIG
AWS RDS Microsoft SQL 2014 Server STIG Instance
AWS RDS Best Practices Benchmark
Validates AWS RDS configuration against vendor best practices
AWS RDS CIS
AWS RDS Infrastructure CIS security validation
AWS RDS MySQL 5.7 CIS
AWS RDS MySQL Enterprise Edition 5.7 CIS security validation
AWS RDS Oracle Database 12c STIG
AWS RDS Oracle Database 12c STIG
AWS RDS PostgreSQL 10+ STIG
AWS RDS PostgreSQL 10+ STIG
AWS RDS PostgreSQL 9.x STIG
AWS RDS Crunchy Data PostgreSQL 9.x STIG
AWS S3
Validates AWS S3 buckets against security best practices
AWS S3 Best Practices Benchmark
Validates AWS S3 bucket security according to best practices including encryption, access policies, and logging.
AWS S3 Best Practices Benchmark
Validates AWS S3 bucket configuration against vendor best practices
AWS S3 Security
Validates AWS S3 bucket security configuration and access controls
Amazon Linux 2 CIS - Ansible Lockdown
Amazon Linux 2023 CIS - Ansible Lockdown
Apache HTTP Server 2.4 CIS - Ansible Lockdown
Apache HTTP Server 2.4 STIG - Ansible Lockdown
Apache HTTP Server SRG-Ready
Validates Apache HTTP Server configurations against DoD SRG requirements for baseline security controls.
Apache Server 2.2 STIG
Apache Server 2.2 STIG
Apache Server 2.4x STIG
Apache Server 2.4x STIG
Apache Site 2.2 STIG
Apache Site 2.2 STIG
Apache Site 2.4x STIG
Apache Site 2.4x STIG
Apache Tomcat 9 STIG - Ansible Lockdown
Apache Tomcat 9.x STIG
Apache Tomcat 9.x STIG
Apache Tomcat CIS - Chef
Apache Tomcat CIS - MITRE Ansible
Apache Web Server Hardening
Ansible playbook for hardening Apache web server configurations according to security best practices.
Azure CIS - Ansible Lockdown
Azure Security Benchmark
Validates Microsoft Azure resources against security best practices
Benchmark Generator
Generates structured output from XCCDF benchmark files for various automation tool formats. Used by the Ansible Lockdown project to produce remediation roles from benchmark source data.
Cisco IOS L2 Switch STIG - Ansible Lockdown
Cisco IOS Router STIG - Ansible Lockdown
Debian 11 CIS - Ansible Lockdown
Debian 12 CIS - Ansible Lockdown
Docker CE CIS
Validates Docker Community Edition installations against CIS Docker Benchmark security requirements
Docker CE CIS - Chef
Docker CE CIS - MITRE Ansible
Docker CIS Hardening
Ansible playbook for hardening Docker CE configurations according to CIS Docker Benchmark.
Docker CIS Hardening Chef
Chef cookbook for hardening Docker CE configurations according to CIS Docker Benchmark.
Elasticsearch Hardening - Chef
GCP CIS Benchmark
Validates Google Cloud Platform resources against CIS benchmarks for security and compliance
GCP PCI-DSS 3.2.1
Validates GCP infrastructure against PCI-DSS 3.2.1 compliance requirements for payment card data security.
GKE CIS Benchmark
Google Kubernetes Engine CIS Benchmark
GitHub Security
Validates GitHub organization and repository security controls
IIS 8.5 Server STIG
Microsoft IIS 8.5 Server STIG
IIS 8.5 Server STIG - Chef
IIS 8.5 Site STIG
Microsoft IIS 8.5 Site STIG
IIS 8.5 Site STIG - Chef
InSpec Runner
Containerized InSpec runner for executing compliance profiles in Docker environments. Simplifies running scans without local InSpec installation.
InSpecJS
A TypeScript library for parsing and evaluating InSpec results in HDF (Heimdall Data Format). Powers the data layer of Heimdall and other SAF tools.
JRE 7 STIG
Oracle Java Runtime Environment 7 Unix STIG
JRE 8 STIG
Oracle Java Runtime Environment 8 Unix STIG
K3s Cluster STIG
K3s Cluster STIG
K3s Node STIG
K3s Node STIG
Kubernetes 1.6.1 CIS - Ansible Lockdown
Kubernetes CIS
Validates Kubernetes clusters against CIS Kubernetes Benchmark to ensure secure configuration
Kubernetes CIS Hardening
Terraform configuration for deploying a hardened Kubernetes cluster according to CIS Kubernetes Benchmark.
Kubernetes Cluster STIG
Kubernetes Cluster STIG
Kubernetes Node STIG
Kubernetes Node STIG
Kubernetes STIG - Ansible Lockdown
MSQL 2014 Database STIG
Microsoft SQL Server 2014 Database STIG
MSQL 2014 Instance STIG
Microsoft SQL Server 2014 Database STIG
MongoDB Enterprise Advanced STIG - Chef
MongoDB STIG
MongoDB STIG
NGINX Hardening - Chef
Work-in-progress NGINX hardening cookbook
NGINX SRG-Ready
Validates NGINX web server configurations against DoD SRG requirements for enhanced security posture.
NGINX STIG Ready Baseline
NGINX STIG Ready Baseline
NGINX STIG-Ready - MITRE Ansible
OHDF Converters
Convert security tool output from various formats (Burp Suite, Fortify, Nessus, OWASP ZAP, Prisma, Sonarqube, and more) into OHDF (Open Heimdall Data Format) for unified visualization.
Oracle Database 12c STIG
Oracle Database 12c STIG
Oracle Database 19c CIS
Oracle Database 19c CIS Benchmark validation
Oracle Java RE 8 STIG - Chef
Oracle MySQL 5.7 CIS
Oracle MySQL Enterprise Edition 5.7 CIS security validation
Oracle MySQL 8.0 STIG
Oracle MySQL 8.0 STIG Baseline
PostgreSQL 10+ STIG
PostgreSQL 10+ STIG
PostgreSQL 12 CIS - Ansible Lockdown
PostgreSQL 9 STIG - Ansible Lockdown
PostgreSQL 9.x STIG
Crunchy Data PostgreSQL 9.x STIG
Red Hat 6 STIG
Red Hat 6 STIG
Red Hat 7 STIG
Red Hat 7 STIG
Red Hat 8 STIG
Red Hat 8 STIG
Red Hat CVE Scan
Scans Red Hat Enterprise Linux systems for known CVE vulnerabilities
Red Hat Enterprise Linux 10 CIS - Ansible Lockdown
Red Hat Enterprise Linux 6 STIG - Ansible Lockdown
Red Hat Enterprise Linux 7 CIS - Ansible Lockdown
Red Hat Enterprise Linux 7 STIG - Ansible Lockdown
Red Hat Enterprise Linux 7 STIG - MITRE Ansible
Red Hat Enterprise Linux 8 CIS - Ansible Lockdown
Red Hat Enterprise Linux 8 STIG - Ansible Lockdown
Red Hat Enterprise Linux 9 CIS - Ansible Lockdown
Red Hat Enterprise Linux 9 STIG - Ansible Lockdown
Red Hat Jboss EAP 6.3 STIG
Red Hat Jboss Enterprise Application Server 6.3 STIG
RedHat Enterprise Linux 9
InSpec Profile for RHEL9
STIG XCCDF XML Library
A TypeScript library for parsing and manipulating DISA STIG XCCDF XML files. Used to extract control metadata from STIGs for profile generation.
SUSE Linux Enterprise 15 CIS - Ansible Lockdown
TS InSpec Objects
TypeScript type definitions and utilities for working with InSpec profile and result objects. Provides strongly-typed interfaces for the InSpec data model.
Tomcat 7 CIS
Apache Tomcat 7 CIS security validation (Beta)
Tomcat 8 CIS
Apache Tomcat 8 CIS security validation (Beta)
Ubuntu 16.04 STIG
Canonical Ubuntu 16.04 STIG
Ubuntu 16.04 STIG - Chef
Ubuntu 18.04 CIS - Ansible Lockdown
Ubuntu 18.04 STIG - Ansible Lockdown
Ubuntu 20.04 CIS - Ansible Lockdown
Ubuntu 20.04 STIG
Canonical Ubuntu 20.04 STIG
Ubuntu 20.04 STIG - Ansible Lockdown
Ubuntu 22.04 CIS - Ansible Lockdown
Ubuntu 22.04 STIG - Ansible Lockdown
Ubuntu 24.04 CIS - Ansible Lockdown
Ubuntu 24.04 STIG - Ansible Lockdown
VMware Aria Automation 8.x STIG
VMware Aria Automation 8.x STIG Readiness Guide Chef InSpec Profile
VMware Aria Operations 8.x STIG
VMware Aria Operations 8.x STIG Readiness Guide Chef InSpec Profile
VMware Cloud Director 10.4 STIG
VMware Cloud Director 10.4 STIG Readiness Guide Chef InSpec Profile
VMware Cloud Foundation 4.5 STIG
VMware Cloud Foundation 4.5 STIG Readiness Guide Chef InSpec Profile
VMware Cloud Foundation 5.0 STIG
VMware Cloud Foundation 5.0 STIG Readiness Guide Chef InSpec Profile
VMware ESXI 6.5 STIG
VMware ESXI 6.5 STIG
VMware ESXI 6.7 STIG
VMware ESXI 6.7 STIG
VMware Horizon 8.0 STIG
VMware Horizon 8.0 STIG Readiness Guide Chef InSpec Profile
VMware Identity Manager 3.3.x STIG
VMware Identity Manager 3.3.x STIG Readiness Guide Chef InSpec Profile
VMware NSX 4.x STIG
VMware NSX 4.x STIG Readiness Guide Chef InSpec Profile
VMware NSX-T 3.x STIG
VMware NSX-T 3.x STIG Chef InSpec Profile
VMware Photon OS 3.0 STIG
VMware Photon OS 3.0 STIG Readiness Guide Chef InSpec Profile
VMware Photon OS 4.0 STIG
VMware Photon OS 4.0 STIG Readiness Guide Chef InSpec Profile
VMware Photon OS 5.0 STIG
VMware Photon OS 5.0 STIG Readiness Guide Chef InSpec Profile
VMware VCSA 6.7 STIG
VMware vCenter Server Appliance 6.7 STIG
VMware VCSA 7.0 STIG Readiness Guide
VMware vCenter Service Appliance version 7.0 STIG Readiness Guide
VMware vSphere 7.0 STIG
VMware vSphere 7.0 STIG Chef InSpec Profile
VMware vSphere 7.0 STIG Readiness Guide
VMware vSphere(ESXi,vCenter,VMs) 7.0 STIG Readiness Guide
VMware vSphere VM 6.7 STIG
VMware vSphere Virtual Machines version 6.7 STIG
VMware vSphere vCenter 7.0 STIG
VMware vSphere vCenter Appliance 7.0 STIG Chef InSpec Profile
VMware vSphere vCenter 8.0 STIG
VMware vSphere vCenter Appliance 8.0 STIG Readiness Guide Chef InSpec Profile
Windows 10 CIS - Ansible Lockdown
Windows 10 STIG
Microsoft Windows 10 STIG v1r19
Windows 10 STIG - Ansible Lockdown
Windows 11 CIS - Ansible Lockdown
Windows 11 STIG - Ansible Lockdown
Windows 2012 STIG
Microsoft Windows 2012r2 Member Server STIG
Windows 2016 STIG
Microsoft Windows Server 2016 STIG
Windows 2019 STIG
Microsoft Windows Server 2019 STIG
Windows Firewall Advanced Security STIG - Ansible Lockdown
Windows Server 2012 R2 STIG - Chef
Windows Server 2016 CIS - Ansible Lockdown
Windows Server 2016 STIG - Ansible Lockdown
Windows Server 2016 STIG - Chef
Windows Server 2019 CIS - Ansible Lockdown
Windows Server 2019 STIG - Ansible Lockdown
Windows Server 2022 CIS - Ansible Lockdown
Windows Server 2022 STIG - Ansible Lockdown
Windows Server 2025 CIS - Ansible Lockdown
eMASS Checklist Updater
Translates findings between eMASS Checklist (CKL) versions. Useful when migrating between STIG versions while preserving existing findings.
eMASS Client
Client libraries for the eMASS (Enterprise Mission Assurance Support Service) REST API. Enables programmatic access to eMASS for security authorization workflows.