Available through CIS SecureSuite Membership, CIS-CAT Pro quickly compares the configuration of a target system to CIS Benchmark recommendations and reports conformance on a scale of 0-100.
Using CIS-CAT Pro, CIS SecureSuite Members can:
- Routinely assess the configuration of production systems compared with the CIS Benchmarks and internal security policies.
- View assessments, reports, and dashboards with CIS Controls associations for a select set of benchmarks.
- Create standard configuration images for hardening systems prior to deployment.
- Improve security awareness by comparing the security of "out of the box" systems and hardened systems.
- Assess and monitor multiple systems simultaneously by integrating CIS-CAT Pro with system management utilities.
CIS SecureSuite Members can also take advantage of CIS-CAT Pro Dashboard, which consumes CIS-CAT Pro assessment reports and shows system(s) compliance over a period of time. CIS-CAT Pro Dashboard provides:
- CIS Controls view for annotated CIS Benchmark content
- Assessment results that can be collated and sorted per-benchmark or per-device
- Custom device tagging (PCI, admin, etc.) to view compliance for a group of systems
- Ability to create exceptions to CIS Benchmark content and immediately recalculate assessment scoring
CIS-CAT Pro is a host-based configuration assessment tool. It includes both a command-line interface (CLI) and a graphical user interface (GUI). To support the broadest possible portability, CIS-CAT Pro is a Java application and requires JRE v1.6 or later. CIS-CAT Pro and its JRE can reside on a target system or on any network drive or removable drive that has network access to the target system being assessed.
CIS-CAT Pro currently supports 85+ CIS Benchmarks.
CIS-CAT Pro can read customized input files to allow members to compare the configuration of their systems with both the CIS Benchmarks and their customized configuration policies. This feature is enabled by user modification of the CIS Benchmark XCCDF files.
SCAP Validation as an Authenticated Configuration Scanner
CIS-CAT Pro Assessor has been awarded NIST Security Content Automation Protocol (SCAP 1.2) Validation as an "Authenticated Configuration Scanner" with the "Common Vulnerabilities and Exposures (CVE) Option" for specific platforms. Details are available on the NIST website.