The DoD's Security Technical Implementation Guides (STIGs) are the baseline for a vast majority of companies, But with 9 different profiles, and hundreds of individual action items how do you even begin? Join me as we look at how to use InSpec to ingest STIG data, how to read and determine what STIGs apply to you, and how to remediate those STIGs with Chef. We will explore the anatomy of a well written InSpec control and some of the more complex Chef and Ruby resources that allow you to successfully implement security hardening. Learn how to edit files in place, search and replace documents, and lessons learned from implementing the RHEL 6 STIG in both on premise and cloud environments.