The Center for Internet SecurityThe Center for Internet Security Site MapContact UsPrivacy Policy
The Center for Internet Security
HomeNewsWhat is CIS?Benchmarks/ToolsOther ResourcesJoin UsTestimonialsFAQ
CIS Members site

Become a Member of CIS - Click here for more info

More than 170 members, from around the wrold! Click here for more info

Get Involved - Click here for more info



CIS certifies commercial software. Click here for more info

CIS licenses resources for commercial use. Click here for more info.

click here to find out about CIS trademarks.

Click here to find out about upcoming conferences and events!
CIS Members Receive Scoring Tools with Added Features
CIS-CAT is a configuration assessment/audit software tool available to CIS Members only. It is a Java tool that reports the configuration status of the target system compared to the technical controls defined in the XCCDF (XML) files that it reads, and reports the comparative score it on a conformity scale of 0-100. Its available for download from the CIS Members web site.

CIS-CAT reads:
a) thirteen CIS Benchmarks currently available in XCCDF,
b) XCCDF configuration files distributed by NIST for Microsoft Win XP and Vista, and
c) user-modified CIS Benchmark XCCDF files.

CIS currently distributes CIS-CAT with production version support for the following benchmarks:
SuSE
Slackware
Red Had Enterprise Linux
Debian
Solaris 10 (Benchmark v2.1.3
Solaris 10 11/06 and 8/07 (Benchmark v4.0)
Solaris 9 (Benchmark v4.0)
AIX
HP-UX
Oracle 9i/10g on Windows operating systems
Oracle 9i/10g on Unix operating systems
Windows XP
Windows Server 2003
Vista (NIST content)

CIS-CAT requires JRE v1.5. The tool and the JRE can reside on the target system of evaluation or on a removable or network drive, provided it is accessible from the target of evaluation.

CIS-CAT is distributed with CLI and GUI. It host based (not a network or enterprise scanner) and scan only (doesnt change configuration settings). Some CIS members devised/scripted their own methods to use CIS-CAT to audit/monitor multiple systems simultaneously using system management utilities, but CIS does not provide any such scripts.

CIS-CAT can read customized input files, so members can compare the configuration of their systems with both the CIS benchmarks and their customized configuration policies. This feature is enabled by user modification of the Benchmark XCCDF files. In response to members requests, CIS is creating developing a guide to assist users in modifying and validating customized XCCDF files for use with CIS-CAT. It should be available to members this month.

CIS-CAT documentation consists of the README file in the download package, a well as a technical specification document and a users manual that are distributed from the CIS members web site along with CIS-CAT. Additional guidance and user support is provided via the member discussion forum and email communication with CIS staff.
FYI - In addition to CIS-CAT, CIS also distributes 5 other tools - Next Generation Tool (NG Tool), Router Audit Tool (RAT), Perl tools for Unix operating systems, and an Apache Benchmark tool. CIS no longer develops, maintains or provides member support for use of these tools. They will reach end of life when the Benchmarks for which they were created become out of date and are no longer distributed.

CIS-CAT IS THE ONLY SOFTWARE TOOL THAT CIS CONTINUES TO DEVELOP AND SUPPORT.

Click Here for more information about CIS membership.

Click Here to review the CIS Support Policy.

Click Here to go to the CIS Members Web Site.

For more information about membership, send a message to cis@cisecurity.org or call 717-534-1812.




Logo and Design by Keiler
© 2005, the Center for Internet Security.