CIS CSAT: A Free Tool for Assessing Implementation of CIS Critical Security Controls
The CIS Critical Security Controls are a community-built set of prioritized cybersecurity guidance. They have been growing in popularity over the past 10 years. The CIS Controls are being used and developed by thousands of cybersecurity experts around the world. To help organizations with their adoption of the CIS Controls, CIS has developed a new web application. This tool makes the powerful security guidance of the CIS Controls easier for teams to implement, track, and document.
Introducing CIS CSAT
The hosted version of our CIS Controls Self Assessment Tool, or CIS-Hosted CSAT, is a free web application that enables security leaders to track and prioritize their implementation of the CIS Controls. CIS CSAT’s questions are based off the popular Critical Security Manual Assessment Tool excel document and the platform was developed by our partners at EthicalHat. For each CIS Control and sub-control, CSAT helps organizations track its documentation, implementation, automation, and reporting.
Cybersecurity is a team sport
CIS CSAT is a self-assessment platform which allows teams to join and collaborate on questions related to the CIS Controls. With CIS CSAT, the first person to register from your organization will be designated the “Owner.” Owners can add additional team members to the platform, so you can work on an implementation of the CIS Controls together. Owners using CIS CSAT can also:
- Delegate questions to other team members
- Set deadlines for each CIS Control and sub-control
- Collect documentation related to your findings
- Capture team discussion about each assessment question
Reporting you can use
Data is most useful if you can access it – which is why we’ve made it easy to share reports from CIS CSAT. Leverage your results with automatic reporting features, historical tracking, and access to raw data formats. You’ll be able to export assessment charts and other results directly into PowerPoint, Excel, and PDF.
Assessment results from CIS CSAT can be exported per department or organizational unit, or you can take a more holistic view of the entire organization’s security. With cross-mappings to additional security frameworks like NIST SP800-53 and PCI DSS, you can also track your alignment between other best practices and the CIS Controls. This free tool, along with its on-premises counterpart (CIS CSAT Pro), also allows you to anonymously compare your results to the average of your industry or other peer groups to help drive the direction of your security program.
Want to learn more about how to strengthen your cyber defenses with CIS CSAT? Check out our video below.