New to CIS-CAT Pro: Remote Assessment from CIS-CAT Pro Dashboard and HTML Report Customization
By Maureen Kunac, CIS-CAT Pro Product Owner
Thousands of organizations around the world leverage CIS SecureSuite Membership resources to improve their cyber defenses. From implementing CIS Benchmark security best practices to assessing endpoints for compliance with CIS-CAT Pro, there’s a lot to discover in CIS SecureSuite Membership. Keep reading to learn about the latest Membership benefits and updates.
CIS-CAT Pro Assessor v4 Service
CIS is releasing a companion product for CIS-CAT Pro called CIS-CAT Pro Assessor v4 Service. CIS-CAT Pro Assessor v4 Service allows you to conduct CIS Benchmark assessments using the graphical user interface (GUI) provided by CIS-CAT Pro Dashboard. To get started, you’ll need CIS-CAT Pro Dashboard v1.1.11 (available January 22, 2020) and CIS-CAT Pro Assessor v4 Service v1.0.0. To enable the scan, simply initiate an assessment from CIS-CAT Pro Dashboard using a web service request to CIS-CAT Pro Assessor v4 Service.
Introduction to Assessment Scanning with the New GUI
Have your IT security teams ever wanted to run a single configuration scan to verify their remediation efforts? With the latest CIS SecureSuite Membership resources, they can. Leveraging CIS-CAT Pro Dashboard v1.1.11 along with our new companion CIS-CAT Pro Assessor v4 Service v1.0.0 application, you can utilize our latest feature to scan the configuration of a single target system.
Our focus was to release this functionality as soon as possible to gain your valuable feedback. We’re releasing basic functionality to run a configuration scan on a remote target system with supported CIS Benchmarks. We are planning on enhancing the capabilities going forward based on user experience and Member input. Look for future surveys to gather feedback; your participation is appreciated as we use this information to help drive development decisions.
How to Assess from CIS-CAT Pro Dashboard
To start: download, install, and configure CIS-CAT Pro Dashboard and CIS-CAT Pro Assessor v4 Service. Keep in mind that CIS-CAT Pro Assessor v4 Service v1.0.0 is configured only to process web requests from CIS-CAT Pro Dashboard. We chose to deploy it as a separate application to give users the flexibility for a separate installation. Although a single scan is not expected to need a powerful server, future functionality such as the ability to schedule scanning of multiple target systems may. We’re planning ahead! Continue to use CIS-CAT Pro Assessor v4 for all other command line, local, or centralized scanning activities.
Once all applications are configured, log in to the CIS-CAT Pro Dashboard and navigate to Target Systems -> Search. Search for the target system and select its link in the search results to assess it.
Select the “Assess” button.
In the popup, enter the required information for the remote target system and press the “Start Assessment” button.
Navigate to the Job Status page via the link or the menu to monitor the progress of the assessment.
The job status screen will track the progress of the assessment only and not the import of the report.
Highlighted Features for CIS-CAT Pro Assessor v4.0.16
CIS has also recently released updates to CIS-CAT Pro Assessor. Start using the latest CIS-CAT Pro Assessor v4.0.16, released on January 15, 2020. Here’s what’s new in v4.0.16:
New Microsoft Windows 10 Benchmarks – 1903 and 1909
This new release delivers and supports automated configuration assessments for Microsoft Windows 10 1903 and Microsoft Windows 10 1909.
Third Party Library Updates
Windows Assessments are using “up-to-date” versions of third-party libraries. We’ve upgraded the tool to utilize Python v3.7 as the previous version has reached end of life. We’ve moved other third-party libraries to later versions of Groovy and Logback. Please let us know if you experience any issues with the assessment process by emailing firstname.lastname@example.org.
Reduced Errors – Spaces in Files During Assessment
Have you encountered issues with assessments due to spaces in file paths? Our engineers have been busy updating the tool to now handle spaces in assessed file paths or the CIS-CAT Pro Assessor v4 main file path location. We want to ensure your assessment process runs without interruptions!
Customized HTML Assessment Report
Have you wanted to customize CIS-CAT Pro Assessor v4 reports with your organization’s branding or logo? CIS-CAT Pro Assessor v4.0.16 now supports customization. Add your organization’s logo, background, subtitle graphics or custom CSS to the HTML report. To enable, add your graphic files to the “custom” folder of CIS-CAT Pro Assessor v4.0.16 and update your properties file to ensure the HTML shows your organization’s branding instead of the CIS default.
List CIS Benchmark Profiles on the Command Line
Want a quick list of the profiles associated with a CIS Benchmark on the command line without having to search inside XCCDF XML files? We’ve added a new option that can be used on the command line to display informational output, such as profile level descriptions, associated with a CIS Benchmark. Use the “-bi” (show list of profiles) option in conjunction with the “-b” (benchmark) option to show a benchmark’s profiles. Use the command below to produce the list of profiles for the Microsoft Windows 10 Enterprise 1909 CIS Benchmark from a Windows command line:
C:\CIS\Assessor-CLI-v4.0.16\Assessor-CLI>Assessor-cli.bat -b C:\CIS\Assessor-CLI-v4.0.16\benchmarks\CIS_Microsoft_Windows_10_Enterprise_Release_1909_Benchmark_v1.8.0-xccdf.xml -bi
Once the list of profiles is printed to the screen, copy the desired profile name and use it in the assessment command. See the CIS Benchmark assessment command below from a Windows command line:
C:\CIS\Assessor-CLI-v4.0.16\Assessor-CLI>Assessor-cli.bat -b C:\CIS\Assessor-CLI-v4.0.16\benchmarks\CIS_Microsoft_Windows_10_Enterprise_Release_1909_Benchmark_v1.8.0-xccdf.xml -p "Level 2 (L2) - High Security/Sensitive Data Environment (limited functionality)"
Upcoming Webinars for CIS SecureSuite Members
Want to learn more about the new scanning abilities of CIS-CAT Pro Dashboard? Join SecureSuite Membership today and access webinars covering all of the latest functionality.
CIS WorkBench 101 – Getting the most out of CIS WorkBench
January 22, 2019 at 1:00PM EST
CIS WorkBench is the primary site for your CIS SecureSuite Membership resources. Understand all of the features that this platform provides:
- Join communities and participate in the consensus-based process
- Update your profile to manage alerts related to communities
- Access “Members Only” resources
- Become a CIS SecureSuite company manager for your organization
- Customize a CIS Benchmark to fit your organization's needs
The Basics of CIS SecureSuite Membership
January 28, 2019 at 2:00 PM EST
New to CIS SecureSuite or need a refresher about Membership resources? Join us for an upcoming webinar. We’ll give you an overview of Membership benefits and provide a demonstration of CIS-CAT Pro.
CIS-CAT Pro - Introduction to Assessor v4 Service
January 30, 2020 at 11:30AM EST
We will show you how to initiate an ad hoc assessment from CIS-CAT Pro Dashboard using a web service request to CIS-CAT Pro Assessor v4. Join CIS-CAT Pro Product Owner Maureen Kunac to learn how to simplify your remote assessment processes with CIS-CAT Pro Assessor v4 Service.
CIS SecureSuite Members can register for any of the webinars here: https://www.cisecurity.org/cis-securesuite/member-webinars/
Collaborating with the CIS-CAT Pro Community
CIS is deeply thankful for our volunteers, partners, and CIS SecureSuite Members who work together to improve configuration security for everyone. By providing feedback on best practices, testing new software builds, and more, our communities are continuously helping us improve and grow. We couldn’t do it without you!
Get started with the new versions today
CIS SecureSuite Members can download the latest updates to CIS-CAT Pro Dashboard by logging in to CIS WorkBench. Don’t forget to check the CIS-CAT Pro Dashboard Change Log and CIS-CAT Pro Assessor v4 Change Log for a complete listing of all changes!