IT professionals can be overwhelmed by the various standards, compliance requirements, and security options that are involved in configuration management. As remote work grows, the complexity of implementing secure configurations expands as well. Employees are using company resources to work from home, and many IT staff need to assess company equipment without being physically present. So what are IT teams to do?
Thousands of organizations around the world leverage CIS SecureSuite Membership to improve their cyber defenses. One of the most useful member benefits in a remote work environment is the ability to conduct remote configuration assessments using a tool called CIS-CAT Pro. CIS-CAT Pro is a quick and effective way to compare target machines to the secure recommendations of the corresponding CIS Benchmarks.
Updating Default Settings with Secure Configurations
Many servers, operating systems, and applications come with default settings that are put in place for convenience, not security. Implementing secure configurations is a way to help significantly improve an organization’s cyber defenses. The CIS Benchmarks provide free configuration recommendations for 100+ CIS Benchmarks covering 25+ vendor product families. Secure configurations can help protect against threats such as denial of service or unauthorized data access.
CIS Benchmarks are referenced by many industry frameworks and organizations including PCI DSS, FISMA, HIPAA, DISA STIGs, FFIEC, and more.
CIS-CAT Pro: Assessment Tool and Dashboard
CIS-CAT Pro leverages the powerful security guidance of the CIS Benchmarks in an assessment tool. Available only to CIS SecureSuite Members, it has two components: CIS-CAT Pro Assessor and CIS-CAT Pro Dashboard.
CIS-CAT Pro Assessor scans against a target system’s configuration settings and reports the system’s compliance to the corresponding CIS Benchmark. CIS-CAT Pro Assessor typically scans in just a few minutes, saving users hours of tedious manual configuration review. It also offers multiple reporting formats, including an HTML report which lets users quickly review noncompliant settings and remediation steps for achieving compliance to the CIS Benchmark recommendation.
An integrated component to CIS-CAT Pro Assessor is CIS-CAT Pro Dashboard. CIS-CAT Pro Dashboard allows users to view system compliance to the CIS Benchmarks over a period of time with dynamic reporting features. CIS-CAT Pro Dashboard displays CIS-CAT result scoring for target systems in an easy-to-read graph format. Users can sort data to view charts per CIS Benchmark or per device. Systems can also be tagged (for example, by department) in order to view system grouping compliance to CIS Benchmarks over time, to prevent configuration drift.
Try some features for free – download CIS-CAT Lite.
Making Remote Assessments Easier
CIS-CAT Pro Assessor helps IT teams run a configuration assessment within minutes, instead of having to develop subject matter expertise on an operating system and the settings necessary to prevent attacks. A team can see where they score with conformance to a CIS Benchmark on a web server, a mail server, or a router. CIS-CAT Pro Assessor can also scan multiple target endpoints through a single instance.
CIS-CAT Pro Assessor v4 allows IT professionals to conduct remote CIS Benchmark assessments using the graphical user interface (GUI) of CIS-CAT Pro Dashboard when Assessor v4 Service is installed. Remote assessment can also be conducted using the command line interface.
Version 1.0.7 of CIS-CAT Pro Assessor v4 Service includes support for Java versions 8 through 14 for Assessor v4 Service. Imports to CIS-CAT Pro Dashboard, when using these versions of Java on the Assessor v4 Service server, will now be successful when imported via the API when using Assessor v4 Service.
Tailor Configuration to Your Organization’s Needs
Customizations can be managed two ways to meet your organization’s unique security needs. Alterations of CIS Benchmarks can be made through the tailoring functionality within CIS WorkBench. Modifications to the content can also be completed manually in the XML content such as the XCCDF or OVAL files in the CIS Benchmarks folder of CIS-CAT Pro Assessor.
Customizations could range from turning on or off a recommendation or tailoring a recommendation such as password length. Upon saving the file with the alterations, the assessment will then run against the new modifications and the CIS-CAT report will produce results in correspondence with the changes made.
A Membership That Enhances Cybersecurity
Wherever teams may be working, IT professionals can harden their organization’s endpoints and implement a secure baseline by remotely assessing with CIS-CAT Pro v4. Operations and security teams can use CIS-CAT Pro for self-assessments or to validate a system before production rollout. Auditors can use CIS-CAT Pro to conduct or view assessment results.
To access CIS-CAT Pro, and many more cybersecurity tools and resources, learn about all that CIS SecureSuite Membership has to offer.