If you are working with environments where certain policies and rules needs to be applied something like CIS baselines will be well known to you.
So it works on basis where you define which points you will apply to your system and from that point onwards you are expected to deliver proof that this is how ur systems are now compliant (or not ) and if you do not apply certain settings what is the reason for it .
However the problem comes when you need to enforce this compliancy on multiple systems and make sure they are all happily running this policies.
And here comes the really good part – where you take a configuration management tool like Ansible and create a reusable piece of code which defines your infrastructure. Although looking at CIS baseline documents – if you are to start from zero that would be a lot of work … but …. good friend of mine has spent his time preparing CIS baseline for Redhat 7 which is no available on github in his repository HERE 🙂
And for much more interesting info you can always look at his blog under https://blog.verhaar.io