CIS CSAT Pro v1.2.0: New Task Features and PCI DSS Mapping

The CIS Controls Self Assessment Tool (CIS CSAT) allows organizations to assess their implementation of the CIS Controls, enabling them to track their progress over time and identify areas for improvement. The new CIS CSAT Pro v1.2.0 release includes several new features:

  • A task calendar
  • PCI DSS mappings
  • Custom tags for tasks
  • Assessment Summary filtering
  • Task discussions
  • Assessment event logs
  • The ability to upload organization logos

Task Calendar

A task calendar organizes an assessment’s tasks by due date.

 

Hovering over a task displays additional information. The tasks also have checkmarks to indicate their status in the workflow:

  • A double checkmark preceding the task indicates the task has been validated
  • A single checkmark indicates the task has been completed but not validated
  • No checkmark indicates that the task has not yet been completed

Clicking on a task takes users to the Sub-Control View for that task. The calendar can be switched among monthly, weekly, and daily views, and users can navigate to past or future time frames.

PCI DSS Mappings

Mappings to the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 are now included in CIS CSAT Pro. These mappings to PCI DSS are available in the Mappings section of the Sub-Control View, along with the NIST 800-53 mappings that were added in the previous release of CIS CSAT Pro. Users can click on a mapping block to see additional information on the PCI DSS requirement.

Download the CIS Controls mapping to PCI DSS from the CIS website.

CIS SecureSuite Members can also access the information on CIS WorkBench.

Custom Tags for Tasks

Users can now label CIS Sub-Controls in their assessments with custom tags. These tags can be entered and viewed in the Sub-Control View for that task. The custom tag input field will auto-populate existing tags that are currently used in the organization’s assessments as the user starts typing, or the user can create an entirely new tag.

Once tagged, tasks in an assessment can be filtered by custom tag in the Assessment Summary page.

Assessment Summary Filtering

The task list in the Assessment Summary page can now be filtered by various criteria including task applicability, assignment status, workflow status, score, asset type, security function, custom tags, or Implementation Group.

Multiple filters can be selected at once. Filtering can help users quickly answer questions such as, “Which Implementation Group 1 Sub-Controls have not yet been assigned?”

Discussions

Users can now comment on individual tasks in the Sub-Control View. The Discussion feature can be used to aid team communication during the assessment process or to save information about that task for future reference.

Assessment Event Logs

The new Assessment Event Log is available from the Assessment Dashboard. It maintains a history of assessment-level events including assessment creation, closing or reopening the assessment, and changes to the assessment’s Implementation Group. Each log entry includes the user who performed the action, as well as the date and time when it occurred.

Organization Logos

Organization Admins can now upload a logo for each of their organizations and sub-organizations from the Organization Info page.

Check out the change log to see the full list of changes for this release and previous CIS CSAT Pro releases.

Getting Started with CIS CSAT Pro v1.2.0

CIS CSAT Pro is available to CIS SecureSuite Members. If you’ve installed a previous version of CIS CSAT Pro, the installer will upgrade your existing installation. If you’re new to CIS CSAT Pro, the Deployment Guide will walk you through installation.

Join the CSAT Pro Community in CIS WorkBench, and download the appropriate installer for your environment (Windows or Unix).