Essential cyber hygiene is the foundation for any good cybersecurity program. The Center for Internet Security (CIS) defines essential cyber hygiene as Implementation Group 1 (IG1) of the CIS Critical Security Controls (CIS Controls).
The CIS Controls are a prescriptive, prioritized, and simplified set of cybersecurity best practices. They are used and developed by thousands of cybersecurity experts around the world. The Safeguards included in IG1 represent essential cyber hygiene for any organization and can help protect organizations from all five of the top attack vectors identified in the CIS Community Defense Model (CIS CDM).
The prospect of implementing the CIS Controls can seem daunting, but one tool, in particular, makes this effort easier for IT security teams. The CIS Controls Self Assessment Tool (CIS CSAT) makes the powerful security guidance of the CIS Controls easier for teams to implement, track, and document. Organizations can collaborate across teams with a built-in workflow to answer a set of questions based on the selected Implementation Group. The answers to the questions generate an overall score that shows how well an organization implements the CIS Controls. Progress is tracked over time and compared to industry average scores.
Thousands of organizations have already made the move from traditional spreadsheet tracking of CIS Controls implementation to take advantage of CIS CSAT and improve their cyber hygiene.
There are two versions of CIS CSAT: a CIS-hosted version and an on-premises version called CIS CSAT Pro. The CIS-hosted version of CIS CSAT is free to every organization for use in a non-commercial capacity to conduct CIS Controls assessments of their organization. The on-premises version, CIS CSAT Pro, is available exclusively for CIS SecureSuite Members.
Members also have access to CIS-CAT Pro, a configuration assessment tool for the CIS Benchmarks, as well as other resources. The inclusion of CIS CSAT Pro in Membership allows Members to effectively assess their implementation of both the CIS Benchmarks and CIS Controls.
While still offering the same assessment workflow that users have come to rely on in the free version, CIS CSAT Pro offers some additional features. First, users can opt-in to share data anonymously in order to compare their scores to industry or other peer groups. Within CIS CSAT Pro, users can create multiple organization trees. This feature provides greater flexibility in how to track organizations, sub-organizations, and assessments. In addition to this feature, users can build multiple concurrent assessments in the same organization or sub-organization.
CIS CSAT Pro also offers the ability to assign users to different roles for different organizations and sub-organizations. For instance, a user can be an Organization Admin for some organizations, have limited access to other organizations, and have no role in other organizations. Furthermore, users can have separate roles within an organization. A user can be given access to work on all parts of an organization’s assessments without being given an administrative role in that same organization.
Notably, organizations that have already started assessments in the free version of CIS CSAT can easily export those assessments and import them into CIS CSAT Pro. Implementation scores simply carry over.
Overall, CIS CSAT Pro gives users greater control over their data, while providing greater flexibility in how they manage users, organizations, and assessments within the tool. It can help organizations improve their cyber hygiene, regardless of their size or resources.
This powerful tool identifies well-implemented Safeguards from the CIS Controls and highlights areas for improvement. This understanding is extremely useful to help organizations decide where to devote their limited cybersecurity resources. CIS CSAT Pro is one of several powerful tools available with CIS SecureSuite Membership.