CIS SecureSuite Membership FREE for U.S. SLTTs: What You Need to Know
Starting this year, CIS is making CIS SecureSuite Membership free to state, local, tribal, and territorial (SLTT) governments in the United States. Examples of SLTTs include:
- Public universities and schools
- Local law enforcement agencies
- State government offices
- Local governments (cities and counties)
- Public airports, authorities, and utilities
CIS SecureSuite Membership gives organizations around the world access to a collection of integrated cybersecurity resources such as CIS-CAT Pro Assessor, remediation content, and CIS-CAT Pro Dashboard. All of these tools help users evaluate and apply secure configuration settings to laptops, servers, network devices, and more. In this blog post, we’ll show you how to access these tools and make the most of your membership.
All of the CIS SecureSuite Membership resources are available to download from CIS WorkBench; the central hub for CIS Benchmark files, discussion forums, program files, and more.
What’s a CIS Benchmark?
CIS Benchmarks are secure configuration standards for 150+ technologies. Because most applications are configured for convenience over security, it’s important to review the settings for every operating system, browser, and technical program in your organization. CIS Benchmark recommendations are developed by an international community of cybersecurity professionals and subject matter experts through a robust consensus-based process.
By creating an account and logging into CIS WorkBench, users can participate in community discussions and download CIS Benchmark files in PDF format. CIS SecureSuite Members have access to additional files in CIS WorkBench, including additional benchmark formats (such as XML, Word, and Excel), remediation content and program files for CIS-CAT Pro Assessor and Dashboard.
How to Get Started
For MS-ISAC Members: U.S. SLTT entities are also eligible for membership in the Multi-State Information Sharing and Analysis Center® (MS-ISAC). If your organization is already an MS-ISAC Member, all you need to do is register for a CIS WorkBench account to begin downloading and accessing your CIS SecureSuite Membership resources.
Once logged into CIS WorkBench, click on the “Download” tab to access your membership resources like CIS-CAT Pro files and remediation kits.
For non-MS-ISAC Members: If your organization is a U.S. State, Local, Tribal, or Territorial (SLTT) entity but not an MS-ISAC Member, CIS SecureSuite Membership is still free! You’ll just need to apply first.
Not sure where to start?
Contact us at firstname.lastname@example.org and we’ll help you out!
CIS SecureSuite Membership Resources
CIS-CAT Pro Assessor
CIS-CAT Pro Assessor is our premier configuration assessment tool. It scans a target system and compares the system’s settings to the recommend configurations contained within the CIS Benchmark for that technology. Most technologies can have hundreds of possible configurations, so reviewing them with CIS-CAT Pro can save you serious time when compared to a manual analysis.
Once the scan is complete, CIS-CAT Pro provides a report (available in multiple formats) showing how the system assessed performed against the benchmark – providing an overall score as well as test results for each check and remediation steps for noncompliant settings.
Want to review your compliance over time? Be sure to generate the XML reports for your CIS-CAT Pro assessments; you’ll use these to view your security posture over a period of time with CIS-CAT Pro Dashboard.
CIS-CAT Pro Dashboard
CIS-CAT Pro Dashboard is the companion tool to CIS-CAT Pro Assessor. CIS-CAT Pro Dashboard consumes XML assessment reports and displays the results in an easy-to-read chart which shows compliance over time. CIS-CAT Pro Dashboard also provides “tagging” functionality to allow users who are assessing multiple machines with CIS-CAT Pro to separate, sort and view assessment results by group (such as by department or by specific security requirements).
CIS-CAT Pro Dashboard also offers a “CIS Controls View” of assessment results, giving you insight into your system’s security when aligned with the CIS Controls.
What are the CIS Controls?
The CIS Controls are a prioritized list of actions to help organizations improve their cybersecurity posture. The CIS Controls provide specific and actionable ways to thwart the most pervasive cyber threats.
After you’ve run CIS-CAT Pro and you know which system configurations are vulnerable, it’s time to make corrections. You can address misconfigurations manually (with steps provided in each CIS-CAT Pro Assessor HTML report), or apply one of our automated remediation kits. Available to all CIS SecureSuite Members, remediation kits quickly apply the recommended CIS Benchmark settings to a target system.
Remediation kits come in two major varieties – Group Policy Objects (GPOs) for Windows systems and shell scripts for Linux environments. Today, CIS has remediation kits for over 40 technologies. View the full list of remediation kits.
In addition to CIS-CAT Pro Assessor and Dashboard, extended file versions of CIS Benchmarks, and remediation kits, as a CIS SecureSuite Member your organization will enjoy:
- Member-only discussion forums on CIS WorkBench
- Option to list your organization’s name/logo on our website
- Enhanced support from staff and developers
- Use of the CIS SecureSuite logo
CIS SecureSuite Members can also customize CIS Benchmark files and the resulting CIS-CAT Pro assessments to meet their organizational policies and needs. More information about CIS Benchmark customization can be found in CIS WorkBench via the Policy Customization Guide. Our expert staff can also help you tailor a benchmark to meet your internal security policy.
Up Next: Attend our Webinar
On Tuesday, February 6 at 2:00 PM EST, we’ll be hosting a webinar for SLTT organizations interested in CIS SecureSuite Membership. Be sure to attend to learn about how to make the most of your membership benefits, including running CIS-CAT Pro and downloading resource files.