Operations | Monitoring | ITSM | DevOps | Cloud

As this fiscal year wraps up, many agencies are planning their response to compliance reporting requirements. Meeting these requirements—particularly in advance of an audit—can be incredibly time-consuming. While the Defense Department has made managing risk easier through Security Technical Implementation Guides (STIGs), it’s still dependent upon IT staff to help ensure their systems are continuously secure and compliant.

After many weeks of work, we're delighted to announce the latest feature of the incident.io platform: Workflows. Configure your processes once, and we'll make sure you follow them, every time ✨ A little while ago, I was asked the question: “what makes a good incident response?”. Whilst there’s infinite nuance in the answer, mine was pretty straightforward. The best incidents are founded on principles of communication, coordination, and clear roles and responsibilities.

Have you heard about the Puppet Practice Labs? Our free, browser-based, hands-on labs cover a variety of topics for getting started with Puppet — everything from installing the primary server to identifying server roles using package data collection, and much, much more. You can read more about them in my previous blog post. We’ve designed Puppet Practice labs to make learning Puppet fun, engaging, and memorable for learners of all levels.

We are pleased to announce two new patch releases for CFEngine, version 3.15.5 and 3.18.1! These releases mainly contain bug fixes and dependency updates.

With the release of build.cfengine.com, I have been working to migrate some of our own security related policy into modules of their own. CFEngine Build and the cfbs tooling allows us to organize policy into modules, which are easy to update independently and share with other users. Let’s take the scenic route and look at what life is like with cfbs. One of our security policies requires that the password hashing algorithm in /etc/login.defs is set to SHA512.