Ansible playbook roles for security
Switch branches/tags
Nothing to show
Clone or download
Pull request Compare This branch is 9 commits behind ansible:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
RHEL6-STIG @ 04ea5d5
RHEL7-CIS @ 06715b3
RHEL7-STIG @ 068135c

Ansible Lockdown


Ansible Lockdown is a collection of Ansible roles related to security automation. All roles included in this project must meet the contribution guidelines.

Some roles referenced in this project are a collaborative effort between Ansible and our IT Security partner MindPoint Group to provide you with thorough, vetted, and trusted security roles that you can integrate with any of your existing playbooks or as the building blocks for completely new playbooks. Other roles included in this project, while not vetted by MindPoint Group, have been deemed by the maintainers and community to meet the contribution guidelines.

The initial effort is for the development of roles centered around STIG and CIS benchmark baselines. Based on community feedback we'll then proceed with other security guidelines for additional operating systems and applications.

Mailing List

Most of the communication around the project happens on the mailing list. That is best way to stay up to date with what is happening with the project.


In order to use the roles you should first ensure that you have Ansible installed.

To clone the entire project and use the included playbooks:

git clone --recursive

You can also install the roles individually from Ansible Galaxy.


The standards are pulled directly from DISA.


The standards are pulled directly from CIS.


Contributions to Ansible Lockdown and roles referenced here will follow a similar process to the main Ansible project. Fork the repository, make changes, and submit a pull request. Pull requests should not contain any merges or merge conflicts.

Feature requests and bug reports should all be opened on the project page for the individual role, not here.

Current Build Statuses for Security Roles

Standard OS Repo Galaxy Link Status
DISA STIG RedHat 6.* Repo Galaxy Codeship Status for MindPointGroup/RHEL6-STIG

Note: A green badge represents a successful build which consists of:

  1. Creating an AWS EC2 instance from the AMI's provided by AWS as defaults.
  2. Applying the security baseline.
  3. Using OpenSCAP and STIGMA to further validate the application of the baselines.