Available through CIS SecureSuite Membership®, CIS-CAT Pro quickly compares the configuration of a target system to CIS Benchmark recommendations and reports conformance on a scale of 0-100.


Using CIS-CAT Pro, CIS SecureSuite Members can:

  • Routinely assess the configuration of production systems compared with the CIS Benchmarks and internal security policies.
  • View assessments, reports, and dashboards with CIS Controls associations for a select set of benchmarks.
  • Create standard configuration images for hardening systems prior to deployment.
  • Improve security awareness by comparing the security of "out of the box" systems and hardened systems.
  • Assess and monitor multiple systems simultaneously by integrating CIS-CAT Pro with system management utilities.
  • Compare Windows 10 endpoints against CIS Controls V7.1 Implementation Group 1
CIS-CAT Pro Dashboard

CIS-CAT Pro Dashboard is a companion tool to CIS-CAT Pro Assessor. It consumes CIS-CAT Pro assessment reports and shows system(s) compliance over a period of time. CIS-CAT Pro Dashboard provides:

  • CIS Controls view for annotated CIS Benchmark content
  • Assessment results that can be collated and sorted per-benchmark or per-device
  • Custom device tagging (PCI, admin, etc.) to view compliance for a group of systems
  • Ability to create exceptions to CIS Benchmark content and immediately recalculate assessment scoring
CIS Controls Assessment Module

With the CIS Controls Assessment Module, users can assess target machines against the CIS Controls V7.1 Implementation Group 1 using CIS-CAT Pro. The CIS Controls Assessment Module offers automated endpoint assessment against Windows 10 environments. It consists of a scanning component as well as manual questions to assess compliance.

ArrowBlog post: CIS Controls Assessment Module 

Technical Details

CIS-CAT Pro is configuration assessment tool that is maintained at a location under each Member’s control, whether this is at the Member’s on-premise server or an instance in the cloud. It includes both a command-line interface (CLI) and a graphical user interface (Assessor v3 only and coming soon to Assessor v4). To support the broadest possible portability, CIS-CAT Pro is a Java application and requires a compatible JRE to execute an assessment.

See our system recommendationsfor CIS-CAT Pro v4 for up-to-date technical requirements. CIS-CAT Pro and its JRE can reside on a target system or on any network drive that has network access to the target system being assessed, when completing a local or in-domain assessment. CIS-CAT Pro Assessor v4 also has the ability to assess remote target systems (systems existing anywhere), while CIS-CAT Pro Assessor v3 can assess in-network or locally only. With remote assessment, Java would only need to be present on the CIS-CAT Pro Assessor host system.

SCAP Validation as an Authenticated Configuration Scanner

CIS-CAT Pro Assessor has been awarded NIST Security Content Automation Protocol (SCAP 1.2) Validation as an "Authenticated Configuration Scanner" with the "Common Vulnerabilities and Exposures (CVE) Option" for specific platforms. Details are available on the NIST website.

Want to learn more?


Join our next webinar to see a CIS-CAT demonstration ArrowSee Webinar Details


We've answered popular questions Arrow CIS-CAT FAQ

Questions about CIS-CAT Pro Dashboard? We've got you covered Arrow CIS-CAT Pro Dashboard FAQ

Contact Us

Still have questions? Arrow Contact us



Ready to enroll in CIS SecureSuite Membership?
Arrow Apply here
Arrow See pricing


CIS-CAT Lite is our free configuration assessment tool with the CIS Controls Assessment Module, coverage for Google Chrome, and more.
Arrow Download CIS-CAT Lite


Learn more with our bi-monthly webinar!
Arrow See more details


Questions about CIS-CAT?
Arrow Contact us