CIS CSAT Pro v1.7: CIS Controls v8 Assessment and More
The CIS Controls Self Assessment Tool (CIS CSAT) allows organizations to perform assessments on their implementation of the CIS Critical Security Controls (CIS Controls). You can track progress over time and identify areas for improvement. CIS CSAT Pro is the on-premises version of CSAT, and is available to CIS SecureSuite Members. This blog walks you through some of the new features that were added in the last three releases: v1.5, v1.6, and v1.7.
CIS Controls v8
Along with the release of CIS Controls v8 in May, CSAT Pro was updated to support assessments for Controls v8. When creating a new assessment, you can select between Controls v7.1 and v8 assessments. You can also import Controls v8 assessments that you’ve exported from CSAT. CIS Controls v8 assessments offer the same exports as other assessments – Board Level Slides and CSV spreadsheets of CIS Safeguards.
CIS Controls v8 Assessment in CSAT Pro
Download the CIS Controls v8 mappings to these and other frameworks from CIS WorkBench.
Copy CIS CSAT Pro Assessments
Organization Admins can now make a full copy of an entire CIS CSAT Pro assessment using the Copy Assessment button on the Assessment Dashboard. This includes all the scores, assignments, workflow status information, discussion comments, Safeguard history, Safeguard applicability, custom tags, and evidence files. The assessments are not linked after the copy – so changes to either the original or the copy are independent and will not affect the other assessment. The Copy Assessment functionality can be used in several ways:
- An assessment can be closed at the end of an assessment period and a new assessment for the next assessment period can be started using the existing assessment’s data.
- An assessment template can be created that is used to generate other assessments. For instance, an organization may want to assess against IG1 plus a few additional Safeguards, and minus a few other Safeguards. A template can be created with the desired Safeguards set to Applicable (set to Closed to lock it in an unscored state), and then the working assessments can be created as copies of that template assessment.
Bulk Actions on the Assessment Summary Page
Bulk actions are now available on the Assessment Summary page, allowing you to modify multiple Safeguards at once. On the left side of this page, there are checkboxes to select Safeguards, a drop-down menu to select a bulk action, and a Bulk Edit button to perform the chosen action on the selected Safeguards. There are three bulk actions available:
- Assign User – assigns a user and due date to the selected Safeguards
- Toggle Applicability – sets the applicability of the selected Safeguards
- Unassign User – removes the assigned user from the selected Safeguards
Export Filtered CSV
Another new addition to the Assessment Summary page is the Export Filtered CSV button. Using the existing filtering capability on this page, you can filter the assessment’s Safeguards based on your chosen criteria and then export a spreadsheet containing just that set of Safeguards.
Graph Descriptions
Descriptions for the graphs are now available from inside CIS CSAT Pro, by clicking on the blue information icon after the graph’s title.
These descriptions are available for the graphs on the Assessment Dashboard, as well as for the Assessment History graph on the Organization Info page.
Evidence File Updates
We’ve made a couple of improvements for evidence files. First, we’ve increased the maximum allowable size for evidence file uploads from 5MB to 15MB.
Second, we made sure that you can still download your uploaded evidence files even when the Safeguard is in the validated workflow state, marked as Not Applicable, or when the assessment containing the Safeguard is closed.
While you still won’t be able to upload additional evidence files or delete evidence files in those cases, you will still have access to those files that were already uploaded to the Safeguard.
Security, Performance, User Experience, and Bug Fixes
Additionally, we’ve made other changes to improve security, performance, and user experience, and to fix bugs, including:
- Important security updates including updating outdated third-party library dependencies
- Performance improvements to decrease the time for certain long-running actions
- Installer updates including a warning if it appears you’re using the wrong version of Neo4j
- Bug fix for the Implementation Group dropdown action so it only applies to the current assessment (see the Troubleshooting page for more details)
- Bug fix to correct an issue with the Monthly Assessment Average graph that had prevented it from displaying in certain cases
- Bug fix to correct the Implementation Group Average graph calculations
Check out the change log to see the full list of changes for this release and previous CIS CSAT Pro releases. Blogs that walk through some of the features added in previous releases are also available:
- CIS CSAT Pro v1.3.0 and v1.4.0 blog
- CIS CSAT Pro v1.2.0 blog
- CIS CSAT Pro v1.1.0 blog
- CIS CSAT Pro v1.0.0 blog
Getting Started with CIS CSAT Pro v1.7.0
Interested in trying out the new version? It’s available to CIS SecureSuite Members. Join the CSAT Pro Community in CIS WorkBench, and download the appropriate installer for your environment (Windows or Unix). If you’ve installed a previous version of CIS CSAT Pro, the installer will upgrade your existing installation. If you’re new to CIS CSAT Pro, see the Deployment Guide to walk you through installation.