What You Need to Know About the CIS CSAT Pro v1.4.0 Updates

The CIS Controls Self Assessment Tool (CIS CSAT) allows organizations to perform assessments on their implementation of the CIS Controls. This enables users to track their progress over time and identify areas for improvement. Recently, there have been updates to CIS CSAT Pro, the on-premises version of CIS CSAT available to CIS SecureSuite Members to increase assessment options and improve overall user experience. These updates in v1.3.0 and the more recently released 1.4.0 include:

  • Mapping to the NIST Cybersecurity Framework (CSF)
  • Ability to import CSAT Pro CSV files
  • Capabilities to delete assessments and edit assessment details
  • Unassigning tasks

NIST CSF Mappings Added to CIS CSAT Pro v1.4.0

CIS Controls mappings to the NIST CSF v1.1 are now included in CIS CSAT Pro. The NIST CSF mappings, PCI DSS mappings, and the NIST 800-53 mappings are available in the mappings section of the Sub-Control. Users can click on a mapping block to see more information on the requirement from the external framework. Mapping blocks in this section are organized by framework and sorted to make it easier to find mappings of interest.

Download the CIS Controls mapping to NIST CSF from the CIS website or from CIS WorkBench.

Import CIS CSAT Pro Assessments

CIS CSAT Pro already allowed Organization Admins to import previously exported XLSX spreadsheets from CIS CSAT Hosted. Organization Admins can now also import assessments from CSAT Pro CSV files. This populates the new assessment with scores from a previously exported CSAT Pro assessment and is available by selecting the “Import Assessment” button in the Assessments section of an Organization Info page.

Ability to Delete Assessments

With CIS CSAT Pro v1.4.0, Organization Admins are now able to delete assessments they no longer want. This is available in the Action column on both the My Assessments section of the home page and the Assessments section of Organization Info pages. Use with caution since deleting an assessment cannot be undone.

Ability to Edit Assessment Details

Another addition to the Action column for an assessment is the new “Edit Assessment” icon. The edit assessment functionality allows Organization Admins to update an assessment’s name, start date, and due date after an assessment is created. Previously, this information could not be changed after the initial creation of the assessment.

Ability to Unassign Tasks

An assigned task can now be unassigned from the Sub-Control view using the trash can icon to the right of the assigned user’s name.

Navigation and Display Updates

Several other changes make it easier to navigate and use CIS CSAT Pro. Two of these changes are visible in the Sub-Control view screenshot above:

  • Sub-Control numbers are now displayed along with the Sub-Control title
  • The “Assigned To,” “Assigned By,” “Completed By,” and “Validated By” users are now links that navigate to the User Profile for the listed user

Additionally, the Number and Title for each task in the Assessment Summary page are now clickable and will take you to the task/Sub-Control view for that task.

Organization logos (if uploaded) are now displayed in two more locations –   in the Organization Chart and on the first slide in an assessment’s Board Level Slides export. These new locations are in addition to the Organization Info page where the logo was previously displayed.

Bug Fixes

We’ve also fixed a couple of issues to help make the installation process and restarting CIS CSAT Pro after a system reboot go more smoothly. Check out the change log to see the full list of changes for this release and previous CIS CSAT Pro releases. And, read CIS blogs about features added in previous releases:

Getting Started with CIS CSAT Pro v1.4.0

Interested in trying out the new version? It’s available to CIS SecureSuite Members via CIS WorkBench:

If you’ve installed a previous version of CIS CSAT Pro, the installer will upgrade your existing installation.