CIS-CAT Pro

CIS offers SecureSuite Members CIS-CAT Pro, a Java-based tool that compares the configuration of target IT systems to CIS Benchmarks and reports conformance scores on a scale of 0-100. For a select set of benchmarks, CIS-CAT Pro also associates results with the CIS Controls in its assessments, dashboards and reports. The tool consists of two components: CIS-CAT Pro Assessor and CIS-CAT Pro Dashboard.

Capabilities

Using CIS-CAT Pro, CIS SecureSuite Members can:

  • Routinely assess the configuration of production systems compared to the CIS Benchmarks and internal security policies;
  • Provide dashboard and reporting capability;
  • View assessments, reports, and dashboards with CIS Controls associations for a select set of benchmarks;
  • Create standard configuration images for hardening systems prior to deployment;
  • Improve security awareness by comparing the security of 'out-of-the-box' systems and hardened systems;
  • Assess and monitor multiple systems simultaneously by integrating CIS-CAT Pro with system management utilities; and
  • Perform vulnerability assessments for Microsoft Windows XP, 7, 8, Windows Server 2003, 2008, 2008 R2 and Red Hat Enterprise Linux 4 and 5.

Technical Details

CIS-CAT Pro is a host-based configuration assessment tool. It includes both a command-line interface (CLI) and a graphical user interface (GUI). To support the broadest possible portability, CIS-CAT Pro is a Java application and requires JRE v1.6 or later. CIS-CAT Pro and its JRE can reside on a target system or on any network drive or removable drive that has network access to the target system being assessed.

CIS-CAT Pro currently supports the following CIS Benchmarks:

  • Amazon Linux, v2.2.0 (OVAL XML also available)
  • Apache Tomcat 5.5-6.0 Benchmark v1.0.0
  • Apple OSX 10.5 Benchmark v1.1.0
  • Apple OSX 10.6 Benchmark v1.0.0
  • Apple OSX 10.8 Benchmark v1.3.0
  • Apple OSX 10.9 Benchmark v1.3.0
  • Apple OSX 10.10 Benchmark v1.2.0
  • Apple OSX 10.11 Benchmark v1.1.0

CIS-CAT Pro can read customized input files, which lets members compare the configuration of their systems with both the CIS Benchmarks and their own customized configuration policies. Members enable this feature by modifying the CIS Benchmark XCCDF files.

CIS-CAT Pro Tutorials

The following CIS-CAT Pro tutorials are available:

SCAP Validation as an Authenticated Configuration Scanner

CIS-CAT Pro Assessor has been awarded NIST Security Content Automation Protocol (SCAP 1.2) Validation as an "Authenticated Configuration Scanner" with the "Common Vulnerabilities and Exposures (CVE) Option" on the following platforms:

  • Microsoft Windows 7 64 bit
  • Microsoft Windows 7 32 bit
  • Microsoft Windows XP
  • Microsoft Windows Vista
  • Red Hat Enterprise Linux 5 64 bit
  • Red Hat Enterprise Linux 5 32 bit

Details are available on the NIST Web site.

Availability

CIS-CAT Pro is available only to CIS SecureSuite Members, who can download CIS-CAT Pro from CIS WorkBench.

For More Information About CIS-CAT Pro

CIS-CAT Pro User's Guide (PDF)
CIS-CAT Pro Data Sheet (PDF)