Policy compliance for systems has been a hot topic for 2017. The Puppet ecosystem provides an excellent set of tools for both automating the initial security and compliance foundation of your systems and, more importantly, ensuring that they stay compliant over time. This talk will pull from the experience that we have gained while developing the SIMP Project and provide both guidelines, and examples, for keeping your systems in compliance with both public and internal policies. This presentation will cover: * Translating policy from source to intent * Mapping class and defined type parameters to policy * Detecting parameter deviation from policy * Enforcing framework-level compliance from Hiera * Compliance evaluation during test * Compliance evaluation after deployment * Correlation and reporting The audience should leave with an understanding of how they can both implement a compliant infrastructure as well as working with their internal security personnel to ensure that the compliance status of their infrastructure is well understood and enforced.