The CIS Controls Self Assessment Tool (CIS CSAT) allows organizations to perform assessments on their implementation of the CIS Critical Security Controls (CIS Controls). You can track progress over time and identify areas for improvement. CIS CSAT Pro is the on-premises version of CSAT, and is available to CIS SecureSuite Members. This blog walks you through some of the new features that were added in the last three releases: v1.5, v1.6, and v1.7.
Along with the release of CIS Controls v8 in May, CSAT Pro was updated to support assessments for Controls v8. When creating a new assessment, you can select between Controls v7.1 and v8 assessments. You can also import Controls v8 assessments that you’ve exported from CSAT. CIS Controls v8 assessments offer the same exports as other assessments – Board Level Slides and CSV spreadsheets of CIS Safeguards.
CIS Controls v8 Assessment in CSAT Pro
Download the CIS Controls v8 mappings to these and other frameworks from CIS WorkBench.
Organization Admins can now make a full copy of an entire CIS CSAT Pro assessment using the Copy Assessment button on the Assessment Dashboard. This includes all the scores, assignments, workflow status information, discussion comments, Safeguard history, Safeguard applicability, custom tags, and evidence files. The assessments are not linked after the copy – so changes to either the original or the copy are independent and will not affect the other assessment. The Copy Assessment functionality can be used in several ways:
Bulk actions are now available on the Assessment Summary page, allowing you to modify multiple Safeguards at once. On the left side of this page, there are checkboxes to select Safeguards, a drop down menu to select a bulk action, and a Bulk Edit button to perform the chosen action on the selected Safeguards. There are three bulk actions available:
Another new addition to the Assessment Summary page is the Export Filtered CSV button. Using the existing filtering capability on this page, you can filter the assessment’s Safeguards based on your chosen criteria and then export a spreadsheet containing just that set of Safeguards.
Descriptions for the graphs are now available from inside CIS CSAT Pro, by clicking on the blue information icon after the graph’s title:
These descriptions are available for the graphs on the Assessment Dashboard, as well as for the Assessment History graph on the Organization Info page.
We’ve made a couple of improvements for evidence files. First, we’ve increased the maximum allowable size for evidence file uploads from 5MB to 15MB:
Second, we made sure that you can still download your uploaded evidence files even when the Safeguard is in the validated workflow state, marked as Not Applicable, or when the assessment containing the Safeguard is closed:
While you still won’t be able to upload additional evidence files or delete evidence files in those cases, you will still have access to those files that were already uploaded to the Safeguard.
Additionally, we’ve made other changes to improve security, performance, user experience, and to fix bugs, including:
Check out the change log to see the full list of changes for this release and previous CIS CSAT Pro releases. Blogs that walk through some of the features added in previous releases are also available:
Interested in trying out the new version? It’s available to CIS SecureSuite Members. Join the CSAT Pro Community in CIS WorkBench, and download the appropriate installer for your environment (Windows or Unix). If you’ve installed a previous version of CIS CSAT Pro, the installer will upgrade your existing installation. If you’re new to CIS CSAT Pro, see the Deployment Guide to walk you through installation.