Limited Time Offer: Save up to 20% on a new CIS SecureSuite Membership | Learn more
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

Improve Your Organization’s Cyber Hygiene with CIS CSAT Pro

Basic cyber hygiene is the foundation for any good cybersecurity program. Tony Sager, CIS VP and Chief Evangelist, recently defined basic cyber hygiene as Implementation Group 1 (IG1) of the CIS Controls. The safeguards covered in IG1 can help protect organizations from all five of the top attack vectors.

Thousands of organizations have already made the move from traditional spreadsheet tracking of CIS Controls implementation to take advantage of the CIS Controls Self Assessment Tool (CIS CSAT). Now, CIS has introduced CIS CSAT Pro, which offers new features and benefits.

How to Achieve Basic Cyber Hygiene

The CIS Controls are a prescriptive, prioritized, and simplified set of cybersecurity best practices. They are used and developed by thousands of cybersecurity experts around the world. The safeguards included in IG1 represent basic cyber hygiene for any organization, while organizations with more resources can implement all of the CIS Controls. CIS CSAT makes the powerful security guidance of the CIS Controls easier for teams to implement, track, and document progress.

Assessing Implementation of the CIS Controls

CIS CSAT is a companion tool that helps IT security teams track their implementation of every CIS Control and Sub-Control, or safeguard. Organizations can collaborate across teams with a built-in workflow to answer a set of questions based on the selected Implementation Group.

The answers to the questions generate an overall score that shows how well an organization has implemented the CIS Controls. Progress is tracked over time and compared to industry average scores.

Introducing CIS CSAT Pro

A hosted version of CIS CSAT has been available since January 2019, with the most recent v1.3.0 update occurring in June 2020. This version is and will remain free for non-commercial use by any organization. CIS CSAT Pro, an on-premises version released in August 2020, offers some new benefits.

Key CIS CSAT Pro Features

While still offering the same assessment workflow that users have come to rely on in the free version, CIS CSAT Pro offers some new features.

  • Choose whether to share assessment data with CIS. By default, CIS CSAT Pro will not share an organization’s assessment data. Users can opt in to share data anonymously in order to compare their scores to industry or other peer group averages.
  • Create multiple organization trees. This feature provides greater flexibility in how to track organizations, sub-organizations, and assessments.
  • Create multiple concurrent assessments in the same organization or sub-organization.
  • Assign users to different roles for different organizations/sub-organizations. For instance, a user can be an Organization Admin for some organizations, while being assigned limited access to other organizations, and be given no role in still other organizations.
  • Separate roles within an organization. A user can be given access to work on all parts of an organization’s assessments without being given an administrative role in that same organization.
  • Enjoy a simplified scoring process. Rather than requiring four scores per Sub-Control, CSAT Pro uses a simplified scoring method. It streamlines the process by only requiring one score per Sub-Control.

Organizations that already started assessments in the free version of CIS CSAT can easily export those assessments and import them into CIS CSAT Pro. Implementation scores carry over.

Overall, CIS CSAT Pro gives users greater control over their data, while providing greater flexibility in how they manage users, organizations, and assessments within the tool. It can help organizations improve their cyber defense program, regardless of their size or resources.

This powerful tool identifies well-implemented safeguards from the CIS Controls and highlights areas for improvement. This understanding is extremely useful to help organizations decide where to devote their limited cybersecurity resources.

Access CIS CSAT Pro

CIS CSAT Pro is available through CIS SecureSuite Membership. Members also have access to CIS-CAT Pro, a configuration assessment tool for the CIS Benchmarks, as well as other resources. The addition of CIS CSAT Pro now allows Members to effectively assess their implementation of both CIS Benchmarks and CIS Controls.

CIS CSAT Pro is available to CIS SecureSuite Members through CIS WorkBench.