CIS SecureSuite Membership® includes access to tools to help organizations achieve cyber security goals. The CIS-CAT Pro tools are one of the many benefits of membership.
CIS Tools and Best Practices Work Together
When organization join CIS SecureSuite, they gain the benefit of tools built to coordinate with global industry best practices. Our suite of CIS-CAT Pro tools are utilized in final testing steps of the development of automated CIS Benchmark content. CIS-CAT Pro supports CIS Benchmarks tailored utilizing CIS WorkBench. CIS-CAT Pro reporting exhibits cross references to CIS Critical Security Controls 18 foundational and advanced cybersecurity actions to help organizations evaluate target system security states.
CIS-CAT Pro Assessor
CIS-CAT® Pro Assessor evaluates the cybersecurity posture of a system against recommended policy settings. The tool helps organizations save time and resources by supporting automated content with policy setting recommendations based on the globally recognized CIS Benchmarks. It also provides IT and security professionals peace of mind by providing vulnerability scanning functionality for missed system patches.
The tool is maintained at a location under each Member’s control. Whether your organization’s use is virtual, cloud, in-network, or on a local machine, CIS-CAT Pro helps ensure compliance to policies. To support the broadest possible portability, CIS-CAT Pro is a Java application and requires a compatible JRE to execute an assessment. Depending on the assessment workflows your organization selects, the JRE may reside on a target or a network drive.
Stay up to date by reviewing CIS-CAT Pro Assessor Configuration and User Guide. CIS-CAT Pro Assessor v4 includes functions to assess remote or local target systems, whether they reside in the cloud or on premise. Currently, remote assessment CLI operations require a JRE/JDK/openJDK present on the CIS-CAT Pro Assessor host system. The CIS-CAT Pro Assessor v4 GUI application requires no additional JRE/JDK component as it is embedded and utilized only at run-time.
- Automates comparison of benchmark policy to target system states
- Automates assessments of vulnerabilities due to missed system patches for supported platforms such as Microsoft Windows and Red Hat
- Remote or local assessment capability
- Architecture in conformance with NIST Security Content Automation Protocol (SCAP), in process for official validation
- Graphical user interface (GUI) or command line (CLI) for performing assessment activities
- Output conformance scores on a scale of 1 to 100
- Produce output via API to CIS-CAT Pro Dashboard
- Produce reports in HTML, csv, JSON, or text formats
- Supports automated configuration assessments for 80+ CIS Benchmarks
- Supports automated controls assessments for CIS Controls v7.1, Implementation Group 1 for Microsoft Windows 10 and Microsoft Windows Server
CIS-CAT Pro Dashboard
CIS-CAT Pro Dashboard is a web-based application that provides an graphical interface to viewing assessment results generated by CIS-CAT Pro Assessor. CIS-CAT Pro supports deployment options on Windows or Linux system. A relational database provides storage of supporting assessment information. The top benefits of this application are listed below.
- Graphically view target system configuration assessment results by tags, by Benchmark, or overall
- Drill down to individual assessment results
- Apply exceptions with rationale and recalculate scores upon exception acceptance
- Configuration results view by CIS Controls for annotated CIS Benchmark content
- Apply user-defined tags to target systems for easy grouping or exception application
- Automatic in-dashboard alerts based on user-configured configuration score difference values
- Automatic in-dashboard alerts when new CIS-CAT Pro releases are available
- Difference reports show configuration drift from one assessment to the current
CIS-CAT Pro Assessor v4 Service
CIS-CAT Pro Assessor v4 Service is a web service version of CIS-CAT Pro Assessor v4. CIS-CAT Pro Assessor v4 Service is designed to interact with the CIS-CAT Pro Dashboard v1.1.11+ to allow ad-hoc configuration assessments to be run from CIS-CAT Pro Dashboard against a remote target system. Provides support for assessments of operating systems and some applications.
CIS Controls Assessment Module
With the CIS Controls Assessment Module, users can assess target machines against the CIS Controls V7.1 Implementation Group 1 using CIS-CAT Pro. The CIS Controls Assessment Module offers automated endpoint assessment against Windows 10 environments. It consists of a scanning component as well as manual questions to assess compliance.
Limited Use Tool Availability
The Center for Internet Security (CIS) has stopped delivering and supporting CIS-CAT Pro Assessor v3. This final version of CIS-CAT Pro Assessor v3.0.76 will be available until November 2022 to serve Member needs for the following functionality:
- Configuration assessment support for CIS Benchmarks: HP UX, Cisco ASA Firewall, Oracle Solaris OS, and IBM AIX
- Use of an officially validated tool for NIST Security Content Automation Protocol (SCAP 1.2)
- Inclusion of Java for command line and GUI activities
Please see the Assessor v3 documents for more information on how the tool can be used.
Want to learn more?
Join our next webinar to see a CIS-CAT demonstration See Webinar Details
We’ve answered popular questions CIS-CAT FAQ
Questions about CIS-CAT Pro Dashboard? We’ve got you covered CIS-CAT Pro Dashboard FAQ
Still have questions?