CIS CSAT Pro v1.1.0: New Features and Mappings for Assessing CIS Controls Implementation

The CIS Controls Self Assessment Tool (CIS CSAT) Pro allows organizations to assess their implementation of the CIS Controls, enabling them to track their progress over time and identify areas for improvement. Newly updated CIS CSAT Pro v1.1.0 brings new features including visualization of an entire organization tree, exportable graphs, NIST 800-53 mappings, organization history, and task reminders and email notifications.

Visualization with the Organization Chart

Users can now see an organization chart that shows an entire organization tree:


Features of the Organization Chart include:

  • Each organization and sub-organization in the organization tree is displayed in a block displaying:
    • The organization’s industry
    • The total number of sub-organizations under it
    • The number of sub-organizations directly under it
  • The currently selected organization is highlighted in green.
  • Each organization block is clickable, taking you to the Organization Info page for that organization.
  • Sub-organizations can be displayed or hidden.
  • Easily navigate large organization charts by dragging to move around the chart. Zoom in or out with the scroll wheel of the mouse.


Board Level Slides Export

In addition to the CIS Sub-Control level CSV spreadsheet export that was already available, users can now export a set of slides containing the graphs and summary data from the Assessment Dashboard and the organization’s Assessment History graph. These graphs are exported in PPTX format.

Sample graph:



NIST 800-53 Mappings

The mappings from the CIS Sub-Controls to the NIST 800-53 Rev4 Low Baseline are now displayed in CIS CSAT Pro’s Sub-Control view. Users can click on the mapping to see additional details.

Example of details for vulnerability scanning:


Download the CIS Sub-Controls NIST 800-53 Rev4 Low Baseline mapping from the website or from CIS WorkBench.


Organization History

The new Organization History section displays an event log for the selected organization on its Organization Info page. Events logged in this section, along with which user performed the action and when, include:

  • User changes (added, removed, or a role change in the organization)
  • Sub-organization creation/deletion
  • Changes in the organization’s information (name, website, or industry)

This screenshot shows how Organization History is displayed:



Task Reminders and Email Notifications

Users can now send an email, along with an optional comment, to the user assigned to a task to remind that user to complete it. Similarly, users can send a reminder (with optional comment) to the assigner of a task to remind them to review and validate the task.

Users automatically receive an email with task details when a task assigned by them is completed. Assigned users and users who completed a task receive an email notification when that task is sent back for additional changes.

Check out the change log to see the full list of changes.


Getting Started with CIS CSAT Pro v1.1.0

Interested in trying out the new version? It’s available to CIS SecureSuite Members. Join the CSAT Pro Community in CIS WorkBench and download the appropriate installer for your environment (Windows or Unix). If you’ve previously installed CIS CSAT Pro v1.0.0, the installer makes upgrading a snap; it will detect the existing version and upgrade it for you. If you’re new to CIS CSAT Pro, see the Deployment Guide to walk you through installation.

Not a CIS SecureSuite Member yet? Benefits include access to CIS CSAT Pro as well as other great CIS tools and resources. There’s no better time to join. Save up to 20% on a new Membership now through October 31 with promo code CIS-2020.