CIS SecureSuite Membership® includes access to tools to help organizations achieve cyber security goals. The CIS-CAT Pro tools are one of the many benefits of membership.
CIS Tools and Best Practices Work Together
When organization join CIS SecureSuite, they gain the benefit of tools built to coordinate with global industry best practices. Our suite of CIS-CAT Pro tools are utilized in final testing steps of the development of automated CIS Benchmark content. CIS-CAT Pro supports CIS Benchmarks tailored utilizing CIS WorkBench. CIS-CAT Pro reporting exhibits cross references to CIS Controls 18 foundational and advanced cybersecurity actions to help organizations evaluate target system security states.
CIS-CAT Pro Assessor
CIS-CAT® Pro Assessor evaluates the cybersecurity posture of a system against recommended policy settings. The tool helps organizations save time and resources by supporting automated content with policy setting recommendations based on the globally recognized CIS Benchmarks. It also provides IT and security professionals peace of mind by providing vulnerability scanning functionality for missed system patches.
The tool is maintained at a location under each Member’s control. Whether your organization’s use is virtual, cloud, in-network, or on a local machine, CIS-CAT Pro helps ensure compliance to policies. To support the broadest possible portability, CIS-CAT Pro is a Java application and requires a compatible JRE to execute an assessment. Depending on the assessment workflows your organization selects, the JRE may reside on a target or a network drive.
Stay up to date by reviewing our system recommendations for CIS-CAT Pro v4. CIS-CAT Pro Assessor v4 also has the ability to assess remote target systems (systems existing anywhere), while CIS-CAT Pro Assessor v3 can assess in-network or locally only. Remote assessment CLI operations require a JRE present only on the CIS-CAT Pro Assessor host system. Using the CIS-CAT Pro Assessor v4 GUI application requires no additional installation of a JRE as needed components are embedded and utilized only at run-time.
- Automates comparison of benchmark policy to target system states
- Automates assessments of vulnerabilities due to missed system patches for supported platforms such as Microsoft Windows and Red Hat
- Remote (v4 only) or local assessment capability
- Graphical user interface (GUI) or command line (CLI) for performing assessment activities
- Output conformance scores on a scale of 1 to 100
- Produce output via API to CIS-CAT Pro Dashboard
- Produce reports in HTML, csv, JSON, or text formats
- Supports automated configuration assessments for 80+ CIS Benchmarks
- Supports automated controls assessments for CIS Controls v7.1, Implementation Group 1 for Microsoft Windows 10 and Microsoft Windows Server
CIS-CAT Pro Dashboard
CIS-CAT Pro Dashboard is a web-based application that provides an graphical interface to viewing assessment results generated by CIS-CAT Pro Assessor. CIS-CAT Pro supports deployment options on Windows or Linux system. A relational database provides storage of supporting assessment information. The top benefits of this application are listed below.
- Graphically view target system configuration assessment results by tags, by Benchmark, or overall
- Drill down to individual assessment results
- Apply exceptions with rationale and recalculate scores upon exception acceptance
- Configuration results view by CIS Controls for annotated CIS Benchmark content
- Apply user-defined tags to target systems for easy grouping or exception application
- Automatic in-dashboard alerts based on user-configured configuration score difference values
- Automatic in-dashboard alerts when new CIS-CAT Pro releases are available
- Difference reports show configuration drift from one assessment to the current
CIS-CAT Pro Assessor v4 Service
CIS-CAT Pro Assessor v4 Service is a web service version of CIS-CAT Pro Assessor v4. CIS-CAT Pro Assessor v4 Service is designed to interact with the CIS-CAT Pro Dashboard v1.1.11+ to allow ad-hoc configuration assessments to be run from CIS-CAT Pro Dashboard against a remote target system. Provides support for assessments of operating systems and some applications.
CIS Controls Assessment Module
With the CIS Controls Assessment Module, users can assess target machines against the CIS Controls V7.1 Implementation Group 1 using CIS-CAT Pro. The CIS Controls Assessment Module offers automated endpoint assessment against Windows 10 environments. It consists of a scanning component as well as manual questions to assess compliance.
SCAP Validation as an Authenticated Configuration Scanner
CIS-CAT Pro Assessor has been awarded NIST Security Content Automation Protocol (SCAP 1.2) Validation as an "Authenticated Configuration Scanner" with the "Common Vulnerabilities and Exposures (CVE) Option" for specific platforms. Details are available on the NIST website.
Want to learn more?
Join our next webinar to see a CIS-CAT demonstration See Webinar Details
We've answered popular questions CIS-CAT FAQ
Questions about CIS-CAT Pro Dashboard? We've got you covered CIS-CAT Pro Dashboard FAQ
Still have questions? Contact us