CIS-CAT Pro Dashboard Views of Configuration Data in v2.2.0

In May 2021, the CIS-CAT development team delivered CIS-CAT Pro Assessor v4.7.0 with the latest CIS Benchmark automated assessment content. The tool was enhanced to show CIS Controls v8 mappings in the HTML output report, where mappings exist. On July 1, CIS-CAT Pro Dashboard v2.2.0 was released, providing the ability to view these individual configuration assessment results.

 

CIS-CAT Pro Assessor v4.7.0 Dashboard screenshot

 

The Dashboard now also reveals the associated Implementation Group (IG) for mapping CIS Controls. IGs are groups of Safeguards that help prioritize cyber defenses by levels of cyber maturity. IG1 has been defined by community consensus processes as basic cyber hygiene. This is the foundational set of cyber defense Safeguards that every enterprise should apply to guard against the most common attacks. Each IG builds on the previous one: IG2 includes IG1, and IG3 includes IG1 and IG2.

Prioritizing Your Remediation Efforts

Not sure where to get started? CIS recommends prioritizing remediation efforts on CIS Benchmark recommendations associated with IG1. It’s important to start somewhere, and any progress is good progress!

CIS-CAT Pro Assessor v4.7.0 Dashboard screenshot

We know that it can take organizations and legislatures time to adopt a new CIS Controls framework. For this reason, future CIS Benchmarks will continue to be released with updated mappings to CIS Controls v8 as well as v7.0/v7.1. CIS-CAT displays CIS Controls v7.1 as v7.0: CIS Controls v7.1 introduced the concept of Implementation Groups and did not require changes to the tools.

While Sub-Controls are now called Safeguards in CIS Controls v8, our tools will continue to display “Sub-Control” labels for now. We plan to change the report and screen labels to coordinate with our latest CIS Controls cyber defense guidance in the future.

New CIS-CAT Pro Dashboard Report to Support Remediation

So, you’ve run your configuration report. What’s next? Analysis and decision-making conversations on CIS Benchmark recommended configuration states typically follow. This is not an easy task.

CIS-CAT Pro Dashboard v2.2.0 has a new report that can help system engineers, security technicians/specialists, and others in your organization to focus on failures by Benchmark. The new report can be found under the “Reports” menu and is called “Configuration Assessment Result Summary.” The report provides a count of systems failing recommendations by selected CIS Benchmark profile and version.

The presented results include:

  • Most recent assessment results imported into Dashboard
  • Results with a “Fail” status that do not have an active exception
  • Option to export further details of the systems contributing to the summary counts

CIS-CAT Pro Assessor v4.7.0 Dashboard screenshot

CIS-CAT Pro Assessor v4.7.0 Dashboard screenshot

Export the system details that support the summary.

CIS-CAT Pro Assessor v4.7.0 Dashboard screenshot

We listened to system engineers and security technicians explain their jobs, needs, and pain points. Many challenges were discussed, and we created this report with some of those challenges in mind. We hope the new report will provide:

  • Identification of gaps in configuration, deviations from best practices established in CIS Benchmarks, or an organization’s defined policies in tailored Benchmarks
  • Identification of scope of gaps
  • Discussions with security policy on recommendation adoption or risk acceptance
  • Focus on what needs to be addressed (Fail results excluding exceptions)
  • Prioritization of system configuration changes
  • System details for selected configuration action

Download the Latest Version of CIS-CAT Pro

We hope you’ll have a chance to use the latest CIS-CAT Pro Dashboard upgrade. We have a lot more ideas on how to make this report even better.

CIS SecureSuite Members – Download CIS-CAT Pro today.