Available through CIS SecureSuite Membership®, CIS-CAT Pro quickly compares the configuration of a target system to CIS Benchmark recommendations and reports conformance on a scale of 0-100.


Using CIS-CAT Pro, CIS SecureSuite Members can:

  • Routinely assess the configuration of production systems compared with the CIS Benchmarks and internal security policies.
  • View assessments, reports, and dashboards with CIS Controls associations for a select set of benchmarks.
  • Create standard configuration images for hardening systems prior to deployment.
  • Improve security awareness by comparing the security of "out of the box" systems and hardened systems.
  • Assess and monitor multiple systems simultaneously by integrating CIS-CAT Pro with system management utilities.
  • Compare Windows 10 endpoints against CIS Controls V7.1 Implementation Group 1
CIS-CAT Pro Dashboard

CIS-CAT Pro Dashboard is a companion tool to CIS-CAT Pro Assessor. It consumes CIS-CAT Pro assessment reports and shows system(s) compliance over a period of time. CIS-CAT Pro Dashboard provides:

  • CIS Controls view for annotated CIS Benchmark content
  • Assessment results that can be collated and sorted per-benchmark or per-device
  • Custom device tagging (PCI, admin, etc.) to view compliance for a group of systems
  • Ability to create exceptions to CIS Benchmark content and immediately recalculate assessment scoring
CIS Controls Assessment Module

With the CIS Controls Assessment Module, users can assess target machines against the CIS Controls V7.1 Implementation Group 1 using CIS-CAT Pro. The CIS Controls Assessment Module offers automated endpoint assessment against Windows 10 environments. It consists of a scanning component as well as manual questions to assess compliance.

ArrowBlog post: CIS Controls Assessment Module 

Technical Details

CIS-CAT Pro is a host-based configuration assessment tool. It includes both a command-line interface (CLI) and a graphical user interface (GUI). To support the broadest possible portability, CIS-CAT Pro is a Java application and requires JRE v1.6 or later. CIS-CAT Pro and its JRE can reside on a target system or on any network drive or removable drive that has network access to the target system being assessed.

CIS-CAT Pro currently supports 85+ CIS Benchmarks.

CIS-CAT Pro can read customized input files to allow members to compare the configuration of their systems with both the CIS Benchmarks and their customized configuration policies. This feature is enabled by user modification of the CIS Benchmark XCCDF files. 

SCAP Validation as an Authenticated Configuration Scanner

CIS-CAT Pro Assessor has been awarded NIST Security Content Automation Protocol (SCAP 1.2) Validation as an "Authenticated Configuration Scanner" with the "Common Vulnerabilities and Exposures (CVE) Option" for specific platforms. Details are available on the NIST website.

Want to learn more?


Join our next webinar to see a CIS-CAT demonstration ArrowSee Webinar Details


We've answered popular questions Arrow CIS-CAT FAQ

Questions about CIS-CAT Pro Dashboard? We've got you covered Arrow CIS-CAT Pro Dashboard FAQ

Contact Us

Still have questions? Arrow Contact us



Ready to enroll in CIS SecureSuite Membership?
Arrow Apply here
Arrow See pricing


CIS-CAT Lite is our free configuration assessment tool with the CIS Controls Assessment Module, coverage for Google Chrome, and more.
Arrow Download CIS-CAT Lite


Learn more with our bi-monthly webinar!
Arrow See more details


Questions about CIS-CAT?
Arrow Contact us