To effectively use this critical security content, you need to do two things; become a CIS member, (it costs nothing and offers tremendous value), and two, become a contributor and participant. (Please visit the source b/c this content needs a refresh)


CIS offers SecureSuite Members CIS-CAT Pro, a Java-based tool that compares the configuration of target IT systems to CIS Benchmarks and reports conformance scores on a scale of 0-100. CIS-CAT Pro also offers select benchmark coverage with associations to the CIS Controls for assessment, dashboard and reporting. The tool consists of two components: CIS-CAT Pro Assessor and CIS-CAT Pro Dashboard.


Using CIS-CAT Pro, CIS SecureSuite Members can:

  • Routinely assess the configuration of production systems compared to the CIS Benchmarks and internal security policies;
  • Provide dashboard and reporting capability;
  • View assessments, reports, and dashboards with CIS Controls associations for a select set of benchmarks.
  • Create standard configuration images for hardening systems prior to deployment;
  • Improve security awareness by comparing the security of 'out-of-the-box' systems and hardened systems;
  • Assess and monitor multiple systems simultaneously by integrating CIS-CAT Pro with system management utilities; and
  • Perform vulnerability assessments for Microsoft Windows XP, 7, 8, Windows Server 2003, 2008, 2008 R2 and Red Hat Enterprise Linux 4 and 5.

Technical Details

CIS-CAT Pro is a host-based configuration assessment tool. It includes both a command-line interface (CLI) and a graphical user interface (GUI). To support the broadest possible portability, CIS-CAT Pro is a Java application and requires JRE v1.6 or later. CIS-CAT Pro and its JRE can reside on a target system or on any network drive or removable drive that has network access to the target system being assessed.

CIS-CAT Pro currently supports more than a hundred CIS Benchmarks: CIS Benchmarks (

CIS-CAT Pro can read customized input files to allow members to compare the configuration of their systems with both the CIS Benchmarks and their customized configuration policies. This feature is enabled by user modification of the CIS Benchmark XCCDF files.

CIS-CAT Pro Tutorials

The following CIS-CAT Pro tutorials are available:

SCAP Validation as an Authenticated Configuration Scanner

CIS-CAT Pro Assessor has been awarded NIST Security Content Automation Protocol (SCAP 1.2) Validation as an "Authenticated Configuration Scanner" with the "Common Vulnerabilities and Exposures (CVE) Option" on the following platforms:

  • Microsoft Windows 7 64 bit
  • Microsoft Windows 7 32 bit
  • Microsoft Windows XP
  • Microsoft Windows Vista
  • Red Hat Enterprise Linux 5 64 bit
  • Red Hat Enterprise Linux 5 32 bit

Details are available on the NIST Web site.


CIS-CAT Pro is available only to CIS SecureSuite Members, who can download CIS-CAT Pro from CIS WorkBench.

To learn about becoming a CIS SecureSuite Member, click here.

For More Information About CIS-CAT Pro

CIS-CAT Pro User's Guide (PDF)
CIS-CAT Pro Data Sheet (PDF)
This email address is being protected from spambots. You need JavaScript enabled to view it.

EnterpriseGRC Solutions trusts the CIS cookie, which is referenced as a part of our Privacy Policy.  Remember, however, that when you accept their cookie, you are accepting the CIS Privacy Policy. We don't think you'll find better security and privacy than at sites like NIST.GOV and CIS  (

Main Menu