New to CIS-CAT Pro: Automatic New Release Alerts and a New CIS Controls Assessment Module
At CIS, we strive to improve our members’ experience when using our tools while implementing cybersecurity best practices. A top priority for us this year, and in the future year, is to more seamlessly integrate the tools available to our CIS SecureSuite Members.
CIS SecureSuite Members are receiving an update to CIS-CAT Pro Dashboard v1.1.10 that now includes an option to receive alerts within CIS-CAT Pro Dashboard when a new CIS-CAT Pro release is available. Members will have the ability to establish an integration with CIS WorkBench to enable the new release alert. Additionally, Members will receive an update to CIS-CAT Pro Assessor v4.0.14 that will include additional automated CIS Controls assessment content for Microsoft Windows Server 2016.
Thank you to all our Members who contributed testing effort for the new CIS-CAT Pro Dashboard feature. We, at CIS, are truly amazed of the power of our Member Community! Our beta test participants have helped us enhance the final product as well as our instructions to you. We greatly appreciate the time that Tom Goodman, Technology Specialist at Capital Blue Cross, has contributed in the testing efforts. We also are grateful for the efforts that DevOps Engineers from ASDT in UK Ministry of Defence who provided invaluable information and opinions that have shaped this delivered product as well as other future enhancements.
About CIS-CAT Pro and CIS WorkBench Integration
Establish a connection between any instance of CIS-CAT Pro Dashboard v1.1.10+ to CIS WorkBench to enable alerts of new CIS-CAT Pro releases within CIS-CAT Pro Dashboard’s Inbox.
Each new release alert message will contain a release changelog, links to download the bundle, and hashtags to verify the authenticity of the downloaded file. You’ll be able to download the release directly from the message once a connection has been established with CIS WorkBench.
CIS utilizes OAuth 2.0 authorization framework to establish the one-way API connection between the two applications.
While the connection is active, a daily job will run to check CIS WorkBench for the availability of a new release of CIS-CAT Pro. If a new release is found, each connected instance of CIS-CAT Pro Dashboard will receive an inbox alert with the release information.
We’ve reserved the ability to initiate the connection to users with an admin role in CIS-CAT Pro Dashboard. Select the “gear” icon to access the new menu item, System Integrations.
CIS Controls Assessment Module for Microsoft Windows Server 2016
The CIS Controls Assessment Module for Windows Server is a new feature in CIS-CAT Pro Assessor v4.0.14 and CIS-CAT v4 Lite. This module is designed to help organizations measure their implementation of the CIS Controls V7.1. This feature uses a combination of automated checks and survey questions to cover the 43 CIS Sub-Controls in Implementation Group 1 for Microsoft Windows Server.
Evaluations using the CIS Controls Assessment Module can be initiated from the command line interface (CLI) or from supporting assessor files, like other assessments. CIS-CAT Pro Assessor v4 produces a pass/fail report for Microsoft Windows Server Implementation Group 1 in multiple formats including XML and HTML. Reports can be uploaded into CIS-CAT Pro Dashboard for easy analysis over time.
An Ever-growing CIS-CAT Pro Community
CIS is deeply thankful for our volunteers, partners, and CIS SecureSuite Members who work together to improve configuration security for everyone. By providing feedback on best practices, testing new software builds, and more, our communities are continuously helping us improve and grow. We couldn’t do it without you!
CIS SecureSuite Members can download the latest updates to CIS-CAT Pro Dashboard by logging in to CIS WorkBench. Don’t forget to check the CIS-CAT Pro Dashboard Change Log for a complete listing of all changes to the application!
Want to share your endpoint configuration challenges with a CIS-CAT Pro team member? We love hearing real-world experiences and challenges! Want to contribute to our design of new functionality, or test a new feature? Reach out to us at firstname.lastname@example.org. Make a difference today!
About the Author
By: Maureen Kunac
CIS-CAT Pro Product Owner
Maureen Kunac is currently part of the Security Best Practices team at CIS and is the Product Owner for CIS-CAT Pro. Maureen leverages community cybersecurity experiences to prioritize and design new CIS-CAT Pro features. She works with members to understand their business processes associated with system configuration and vulnerability assessments.
Prior to her role as CIS-CAT Product Owner, Maureen contributed product management skills for over 25 years to various software development projects in a wide range of industries including warehouse management, retail, food manufacturing, and healthcare. Maureen is a Certified Scrum Product Owner and holds a BA in Accounting from University at Albany – SUNY.