To use this critical security content effectively, you need to do two things: first, become a CIS member (it costs nothing and offers tremendous value); second, become a contributor and participant.

CIS-CAT Pro https://benchmarks.cisecurity.org/downloads/audit-tools/

CIS offers SecureSuite Members CIS-CAT Pro, a Java-based tool that compares the configuration of target IT systems to CIS Benchmarks and reports conformance scores on a scale of 0-100. CIS-CAT Pro also offers select benchmark coverage with associations to the CIS Controls for assessment, dashboard and reporting. The tool consists of two components: CIS-CAT Pro Assessor and CIS-CAT Pro Dashboard.

Capabilities

Using CIS-CAT Pro, CIS SecureSuite Members can:

  • Routinely assess the configuration of production systems compared to the CIS Benchmarks and internal security policies;
  • Provide dashboard and reporting capability;
  • View assessments, reports, and dashboards with CIS Controls associations for a select set of benchmarks;
  • Create standard configuration images for hardening systems prior to deployment;
  • Improve security awareness by comparing the security of 'out-of-the-box' systems and hardened systems;
  • Assess and monitor multiple systems simultaneously by integrating CIS-CAT Pro with system management utilities; and
  • Perform vulnerability assessments for Microsoft Windows XP, 7, 8, Windows Server 2003, 2008, 2008 R2 and Red Hat Enterprise Linux 4 and 5.

Technical Details

CIS-CAT Pro is a host-based configuration assessment tool. It includes both a command-line interface (CLI) and a graphical user interface (GUI). To support the broadest possible portability, CIS-CAT Pro is a Java application and requires JRE v1.6 or later. CIS-CAT Pro and its JRE can reside on a target system or on any network drive or removable drive that has network access to the target system being assessed.

CIS-CAT Pro currently supports the following CIS Benchmarks:

  • Amazon Linux, v2.2.0 (OVAL XML also available)
  • Apache Tomcat 5.5-6.0 Benchmark v1.0.0
  • Apple OSX 10.5 Benchmark v1.1.0
  • Apple OSX 10.6 Benchmark v1.0.0
  • Apple OSX 10.8 Benchmark v1.3.0
  • Apple OSX 10.9 Benchmark v1.3.0
  • Apple OSX 10.10 Benchmark v1.2.0
  • Apple OSX 10.11 Benchmark v1.1.0
  • CentOS Linux 6 Benchmark v2.0.1 (OVAL XML also available)
  • CentOS Linux 7 Benchmark v2.1.0 (OVAL XML also available)
  • Cisco Firewall Benchmark v4.1.0 (OVAL XML also available)
  • Cisco IOS 12 Benchmark v4.0.0 (OVAL XML also available)
  • Cisco IOS 15 Benchmark v4.0.0 (OVAL XML also available)
  • Debian Linux Benchmark v1.0.0
  • Debian Linux 7 Benchmark v1.0.0 (OVAL XML also available)
  • Debian Linux 8 Benchmark v1.0.0 (OVAL XML also available)
  • Google Chrome Benchmark v.1.1.0 (OVAL XML also available)
  • HP-UX 11i Benchmark v1.4.2
  • IBM AIX 4.3-5.1 Benchmark v1.0.1
  • IBM AIX 5.3-6.1 Benchmark v1.1.0
  • IBM AIX 7.1 Benchmark v1.1.0
  • MIT Kerberos 1.10 Benchmark v1.0.0 (OVAL XML also available)
  • Microsoft Office 2013 Benchmark v1.1.0 (OVAL XML also available)
  • Microsoft Office 2016 Benchmark v1.1.0 (OVAL XML also available)
  • Microsoft Office Access 2013 Benchmark v1.0.1 (OVAL XML also available)
  • Microsoft Office Access 2016 Benchmark v1.0.1 (OVAL XML also available)
  • Microsoft Office Excel 2013 Benchmark v1.0.1 (OVAL XML also available)
  • Microsoft Office Excel 2016 Benchmark v1.0.1 (OVAL XML also available)
  • Microsoft Office Outlook 2013 Benchmark v1.1.0 (OVAL XML also available)
  • Microsoft Office Outlook 2016 Benchmark v1.1.0 (OVAL XML also available)
  • Microsoft Office PowerPoint 2013 Benchmark v1.0.1 (OVAL XML also available)
  • Microsoft Office PowerPoint 2016 Benchmark v1.0.1 (OVAL XML also available)
  • Microsoft Office Word 2013 Benchmark v1.1.0 (OVAL XML also available)
  • Microsoft Office Word 2016 Benchmark v1.1.0 (OVAL XML also available)
  • Microsoft Internet Explorer 10 Benchmark v1.1.0 (OVAL XML also available)
  • Microsoft Internet Explorer 11 Benchmark v1.0.0 (OVAL XML also available)
  • Microsoft Internet Information Services (IIS) 7/7.5, v1.8.0 (OVAL XML also available)
  • Microsoft Internet Information Server (IIS) 8/8.5 Benchmark v1.5.0 (OVAL XML also available)
  • Microsoft SQL Server 2008 R2 Database Engine Benchmark v1.3.0 (OVAL XML also available)
  • Microsoft SQL Server 2012 Database Engine Benchmark v1.2.0 (OVAL XML also available)
  • Microsoft SQL Server 2014, v1.1.0 (OVAL XML also available)
  • Microsoft Windows 2003 Member Server Domain Controller Benchmark v3.1.0 (OVAL XML also available)
  • Microsoft Windows 2008 Server Benchmark v3.0.0 (Domain Joined) (OVAL XML also available)
  • Microsoft Windows 2008 R2 Server Benchmark v3.0.0 (Domain Joined) (OVAL XML also available)
  • Microsoft Windows 2012 Server Benchmark v2.0.0 (Domain Joined) (OVAL XML also available)
  • Microsoft Windows 2012 R2 Server Benchmark v2.2.0 (OVAL XML also available)
  • Microsoft Windows XP Benchmark v3.1.0 (OVAL XML also available)
  • Microsoft Windows 7 Benchmark v3.0.0 (Domain Joined) (OVAL XML also available)
  • Microsoft Windows 8 Benchmark v1.0.0 (Domain Joined) (OVAL XML also available)
  • Microsoft Windows 8.1 Benchmark v2.2.0 (OVAL XML also available)
  • Microsoft Windows 10 Enterprise Release 1511 Benchmark v1.1.0 (OVAL XML also available)
  • Mozilla Firefox 3 Benchmark v1.0.0
  • Mozilla Firefox 38 ESR Benchmark v1.0.0 (OVAL XML also available)
  • Mozilla Firefox ESR 24, v1.0.0 (OVAL XML also available)
  • Oracle Database 9i-10g Benchmark v2.0.1
  • Oracle Database 11g Benchmark v1.0.1
  • Oracle Database 11g R2 Benchmark v2.2.0 (OVAL XML also available)
  • Oracle Database 12c Benchmark v1.2.0 (OVAL XML also available)
  • Oracle Linux 6 Benchmark, v1.0.0 (OVAL XML also available)
  • Oracle Linux 7 Benchmark, v2.0.0 (OVAL XML also available)
  • Oracle MySQL Community Server 5.6 Benchmark, v1.0.0 (OVAL XML also available)
  • Oracle MySQL Enterprise Edition 5.6 Benchmark, v1.0.0 (OVAL XML also available)
  • Oracle MySQL Community Server 5.7 v1.0.0 (OVAL XML also available)
  • Oracle MySQL Enterprise Edition 5.7 Benchmark, v1.0.0 (OVAL XML also available)
  • Oracle Solaris 10 Benchmark v5.2.0
  • Oracle Solaris 11 Benchmark v1.1.0
  • Oracle Solaris 11.1 Benchmark v1.0.0
  • Oracle Solaris 11.2 Benchmark v1.1.0
  • RedHat Enterprise Linux 4 Benchmark v1.0.5
  • RedHat Enterprise Linux 5 Benchmark v2.2.0 (OVAL XML also available)
  • RedHat Enterprise Linux 6 Benchmark v2.0.1 (OVAL XML also available)
  • RedHat Enterprise Linux 7 Benchmark v12.1.0 (OVAL XML also available)
  • Slackware Linux 10.2 Benchmark v1.1.0
  • Solaris 2.5.1-9 Benchmark v1.3.0
  • SUSE Linux Enterprise Server 9 Benchmark v1.0.0
  • SUSE Linux Enterprise Server 10 Benchmark v2.0.0
  • SUSE Linux Enterprise Server 11 Benchmark v2.0.0 (OVAL XML also available)
  • SUSE Linux Enterprise Server 12 Benchmark v2.0.0 (OVAL XML also available)
  • Ubuntu 12.04 LTS Server Benchmark v1.1.0
  • Ubuntu 14.04 LTS Server Benchmark, v2.0.0 (OVAL XML also available)
  • Ubuntu 16.04 LTS Server Benchmark, v1.0.0 (OVAL XML also available)
  • VMware ESX 3.5 Benchmark v1.2.0
  • VMware ESX 4.1 Benchmark v1.0.0
  • VMware ESXi 5.5 Benchmark v1.2.0 (OVAL XML also available)
 

CIS-CAT Pro can read customized input files to allow members to compare the configuration of their systems with both the CIS Benchmarks and their customized configuration policies. This feature is enabled by user modification of the CIS Benchmark XCCDF files.

CIS-CAT Pro Tutorials

The following CIS-CAT Pro tutorials are available:

SCAP Validation as an Authenticated Configuration Scanner

CIS-CAT Pro Assessor has been awarded NIST Security Content Automation Protocol (SCAP 1.2) Validation as an "Authenticated Configuration Scanner" with the "Common Vulnerabilities and Exposures (CVE) Option" on the following platforms:

  • Microsoft Windows 7 64 bit
  • Microsoft Windows 7 32 bit
  • Microsoft Windows XP
  • Microsoft Windows Vista
  • Red Hat Enterprise Linux 5 64 bit
  • Red Hat Enterprise Linux 5 32 bit

Details are available on the NIST Web site.

Availability

CIS-CAT Pro is available only to CIS SecureSuite Members, who can download CIS-CAT Pro from CIS WorkBench.

To learn about becoming a CIS SecureSuite Member, click here.

For More Information About CIS-CAT Pro

CIS-CAT Pro User's Guide (PDF)
CIS-CAT Pro Data Sheet (PDF)

Need more reason to love CIS? Hear the CIS Controls Webcast – Privacy Implications for the CIS Controls

Recording Information
Topic: CIS Controls Webcast – Privacy Implications for the CIS Controls-20170209 1709-1
Recording date: Thursday, February 9, 2017 12:09 pm
Duration: 57 minutes

EnterpriseGRC Solutions trusts the CIS cookie, which is referenced as a part of our Privacy Policy. When you accept their cookie, you are accepting the CIS Privacy Policy.