Puppet release announcement | Security Compliance Management v3.7.0

[Puppet Product Updates]

Security Compliance Management 3.7.0 Is Now Available

Security Compliance Management (SCM) 3.7.0 helps teams assess systems against recognized security benchmarks. This release supports evolving baselines and improves audit readiness, operational reliability, and overall governance by giving administrators tighter control over platform performance, user access, and API security within the Puppet Enterprise platform.

 

Why Upgrade to SCM 3.7.0

Organizations should consider upgrading to SCM 3.7.0 to reduce compliance gaps, stabilize large-scale assessments, and strengthen security controls as environments grow more complex.

With this release, teams can:

• Maintain audit readiness as new operating systems and benchmarks are adopted.
• Improve scan reliability and performance in large-scale environments managed through Puppet Enterprise.
• Centralize and standardize user session and API behavior across the platform.
• Reduce exposure to known vulnerabilities through updated dependencies and security fixes.

What This Release Delivers

Expanded benchmark coverage for evolving environments

SCM 3.7.0 updates CIS-CAT Pro Assessor benchmark coverage to support newer operating systems and standards. This helps ensure compliance reporting remains current as teams adopt new platforms.

Highlights include:

• New CIS benchmarks for numerous Linux distributions and macOS.
• An updated benchmark for Microsoft Windows 11 Enterprise.

More predictable performance during compliance scans

Administrators can now control JVM memory allocation for the CIS Assessor, allowing performance tuning based on environment size and available resources. This results in more reliable scans and fewer disruptions during compliance assessments.

Greater control over user access and session behavior

New centralized session management options allow administrators to better align SCM authentication behavior with corporate security and identity policies. The outcome is reduced risk from long-lived sessions and improved governance.

Improved API governance and security posture

Additional GraphQL controls help limit exposure and enforce request limits in regulated or security-sensitive environments. The smaller API attack surface provides stronger API governance.

Security fixes and dependency updates

This release addresses multiple known vulnerabilities across core dependencies, helping reduce inherited risk and support ongoing vulnerability management.

For a complete list of addressed CVEs and detailed configuration guidance, see the release notes.

Next Steps

• Review the release notes for technical details and configuration information.
• Upgrade to SCM 3.7.0 to take advantage of expanded coverage and new governance controls.

This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.