What SLTTs Should Know About the FREE CIS SecureSuite Membership

What do public universities and schools, local law enforcement agencies, state government offices, and public utilities have in common? They're all examples of U.S. State, Local, Tribal, and Territorial (SLTT) government organizations. These entities are close to the populations to whom they deliver critical goods and services, and all are in a position where downtime from a cyber attack could significantly disrupt people's lives.

A common problem that many of these organizations face is that they don't have the expertise and resources readily available to strengthen their information security posture. This leaves SLTTs and the constituents they serve vulnerable to malicious actors.

At the Center for Internet Security (CIS), we offer CIS SecureSuite Membership at no cost to SLTTs to help these organizations enhance their cyber defenses.

CIS SecureSuite gives organizations access to a collection of integrated cybersecurity tools and resources that help users evaluate and apply secure configuration settings to laptops, servers, network devices, and more. When used together, these utilities reduce CIS SecureSuite Members' attack surfaces, all while saving them time and money.

In this blog post, we’ll show you how to access these tools and make the most of your Membership.

All Roads Lead to CIS WorkBench

All Membership resources are available to download from CIS WorkBench, the central hub for CIS Benchmark files, discussion forums, tooling files, and more.

CIS Benchmarks are secure configuration standards for 100+ technologies across more than 25 product families. Because most applications are configured for convenience over security, it’s important to review the settings for each operating system, browser, and technical program in your organization. CIS Benchmark recommendations are the work of an international community of cybersecurity professionals and subject matter experts who engage in a robust consensus-based process.

Get to Know the CIS Benchmarks

By creating an account and logging into CIS WorkBench, users can participate in community discussions and download CIS Benchmark files in PDF format. CIS SecureSuite Members have access to even more files in CIS WorkBench, including additional CIS Benchmark formats (such as XML, Word, and Excel), CIS Build Kits, and program files for both CIS-CAT Pro Assessor and Dashboard. Members also have access to CIS CSAT Pro, a tool for tracking implementation of the CIS Critical Security Controls.

CIS SecureSuite Membership Resources

We know SLTTs have limited resources and staff. Our CIS SecureSuite Membership tools and resources make it easier to enhance your cyber defenses.

Evaluate Your Technology's Configurations

CIS-CAT Pro Assessor is our premier configuration assessment tool that automatically assesses the status of your hardening efforts. It scans a target system and compares the system’s settings to the recommended configurations contained within the CIS Benchmark for that technology. Most technologies can have hundreds of possible configurations, so reviewing them with CIS-CAT Pro can save significant time over manual analysis.

Once the scan is complete, CIS-CAT Pro provides a report (available in multiple formats) showing how the assessed system performed against the CIS Benchmark. It provides an overall score as well as test results for each check and remediation steps for non-compliant settings.

Want to review your compliance over time? Be sure to generate the XML reports for your CIS-CAT Pro assessments. You’ll use these to view your security posture over time with CIS-CAT Pro Dashboard.

View and Track Assessment Results

CIS-CAT Pro Dashboard is the companion tool to CIS-CAT Pro Assessor. It provides a graphical view of your system hardening by consuming XML assessment reports and displaying the results in an easy-to-read chart that shows compliance over time. CIS-CAT Pro Dashboard also provides “tagging” functionality to enable users who are assessing multiple machines with CIS-CAT Pro to separate, sort, and view assessment results by group, such as by department or by specific security requirements.

Additionally, CIS-CAT Pro Dashboard offers a “CIS Controls View” of assessment results, giving you insight into your system’s security when aligned with the CIS Controls.

The CIS Controls are a prioritized list of actions to help organizations improve their cybersecurity posture. They provide specific and actionable ways to thwart the most pervasive cyber threats.

Automate the Implementation of Security Recommendations

After you’ve run CIS-CAT Pro and know which system configurations are vulnerable, it’s time to make corrections. You can address misconfigurations manually with steps provided in each CIS-CAT Pro Assessor HTML report, or you can apply one of our automated CIS Build Kits. Available to all CIS SecureSuite Members, CIS Build Kits quickly apply the recommended security guidelines in a CIS Benchmark to a target system, making it even easier to harden your systems.

CIS Build Kits come in two major types – Group Policy Objects (GPOs) for Windows systems and shell scripts for Linux environments. Today, CIS has Build Kits for over 40 technologies. View the full list. 

Track Your Use of Security Best Practices

CIS SecureSuite Membership also helps with the implementation of the CIS Controls. Our CIS Controls Self Assessment Pro Tool (CIS CSAT Pro) helps you prioritize your implementation of the the CIS Controls in a way that works for your specific security requirements.

CIS CSAT Pro enables you to assign users to different roles for different organizations/sub-organizations as well as achieve greater separation of administrative and non-administrative roles. From there, you can assign tasks and track individual assessments using a consolidated home page. CIS CSAT Pro then tracks your progress in enacting the CIS Controls using a simplified scoring method.

Ultimately, you can use these results to put the security fundamentals in place. This foundation is critical for adjusting your security efforts over time as your needs continue to evolve.

Additional Benefits

In addition to CIS-CAT Pro Assessor and Dashboard, extended file versions of CIS Benchmarks, and CIS Build Kits, and CIS CSAT Pro, CIS SecureSuite Membership enables your organization to enjoy:

  • Member-only discussion forums on CIS WorkBench
  • Enhanced support from staff and developers
  • Use of the CIS SecureSuite logo
  • The option to list your organization’s name/logo on our website

CIS SecureSuite Members can also customize CIS Benchmark files and the resulting CIS-CAT Pro assessments to meet their organizational policies and needs. More information about CIS Benchmark customization can be found in CIS WorkBench via the Policy Customization Guide. Our expert staff can also help you tailor a Benchmark to meet your internal security policy.

How to Get Started

For MS-ISAC Members

U.S. SLTTs are eligible for CIS SecureSuite Membership through the Multi-State Information Sharing and Analysis Center® (MS-ISAC® ). If your organization is already an MS-ISAC member, all you need to do is register for a CIS WorkBench account to access and download your CIS SecureSuite Membership resources.

Once logged into CIS WorkBench, you can click on the “Download” tab to access your Membership resources like CIS-CAT Pro files and CIS Build Kits.

For Non-MS-ISAC Members

If your organization is an SLTT entity but not yet an MS-ISAC Member, CIS SecureSuite Membership is still free! You’ll just need to apply.

Not Sure Where to Start?

Contact us at [email protected], and we’ll help you out!