New Benchmark Coverage and CIS Controls™ Feature in CIS-CAT Pro®
Operating systems, containers, and servers ship with insecure default settings, leaving gaps that cybercriminals can take advantage of. That’s why it’s important to implement secure configurations. CIS-CAT Pro is a configuration assessment tool that leverages the consensus-developed CIS Benchmarks™. It’s used by organizations around the world to improve their cyber defenses.
CIS-CAT Pro works by comparing a target system’s configurations to the CIS Benchmark recommendations. Regularly reviewing and remediating noncompliant settings can help protect your organization from cyber threats. CIS-CAT Pro is available to CIS SecureSuite® Members. Keep reading to learn what’s new in CIS-CAT Pro Assessor version 3.0.58, CIS-CAT Pro Assessor version 4.0.7 and CIS-CAT Pro Dashboard version 1.1.6.
New Benchmark Coverage in CIS-CAT Pro Assessor*
Apple macOS 10.13
CIS-CAT Pro Assessor v4.0.7 introduces coverage for Apple macOS 10.13. The benchmark provides prescriptive guidance for establishing a secure configuration posture for Apple macOS 10.13. CIS Benchmarks community member Ron Colvin authored the Benchmark and helped with the development of the assessment content.
This release uses OVAL, which is new for macOS in Assessor v4.0.7. CIS-CAT Pro strives to be a standards-based application focused on platforms where standard OVAL coverage is available. As part of the OVAL implementation, CIS-CAT Pro Assessor produces assessment results in the Asset Reporting Format (ARF), a vendor- and technology-neutral data model. ARF provides robust assessment collection information that can be ingested by tools including the latest release of CIS-CAT Pro Dashboard!
CIS SecureSuite Members can download the latest version of CIS-CAT Pro Dashboard via CIS WorkBench.
Google Chrome v75
The CIS Google Chrome Benchmark contains coverage for v75 of Google Chrome. The CIS Benchmark was developed in partnership with the Google Cloud Team and the CIS volunteer community on CIS WorkBench. There are 41 new security recommendations in this release. The layout of the Benchmark has been revised from ADMX-based to be more risk-based. The new layout will help users quickly identify and act on areas of risk. Additionally, we have carefully reviewed all existing and new content with Google to help identify impactful recommendations and add more detail to each of those sections. The intent is to help your organization configure Chrome v75 instances in a more user-friendly and risk-informed way.
NGINX
CIS NGINX Benchmark provides prescriptive guidance for establishing a secure configuration posture for NGINX version 1.14.0 running on Linux. This is a new CIS Benchmark made possible by our community development process. The CIS NGINX Benchmark was authored by Alexander Sennhauser and James Scott, in addition to volunteers in the community.
PostgreSQL 10
Our latest CIS Benchmark for the PostgreSQL database is another example of community and contributor efforts, with big contributions from Doug Hunley and Crunchy Data. The CIS Benchmark allows users to evaluate their systems against more than 44 recommendations. Testing was completed against PostgreSQL 10 running on CentOS 7, but the Benchmark applies to other Linux distributions as well.
Microsoft SQL Server
CIS released updates to the CIS Microsoft SQL Server Benchmarks this month, covering Microsoft SQL Server 2017, 2016, 2014, and 2012. Each of these CIS Benchmarks contains guidance for securely configuring Microsoft SQL Server, and testing was completed against the version identified in the specific Benchmark. These updates reflect the work of community contributors including Nancy Hidy Wilson, Brian Kelley, Philippe Langlois, Michel Ganguin, Sean McCown, Michal Horan, Dean Lackey, and others.
*Review our Benchmark coverage comparison to see what’s covered in each version of CIS-CAT Pro Assessor.
Every CIS Benchmark contains a changelog that you can reference for version change data. Check out the User’s Guide to learn more about CIS-CAT Pro Assessor v4.
Feature: CIS Controls Assessment Module in CIS-CAT Pro v4 and CIS-CAT Lite
The CIS Controls Assessment Module is a new feature in CIS-CAT Pro & CIS-CAT Lite. This module is designed to help organizations measure their implementation of the CIS Controls V7.1. This feature uses CIS-CAT Pro Assessor v4 and a combination of automated checks and survey questions to cover the 43 CIS Sub-Controls in Implementation Group 1 for Microsoft Windows 10.
Evaluations using the CIS Controls Assessment Module can be initiated from the command line interface (CLI) or from supporting assessor files, like other assessments. CIS-CAT Pro Assessor v4 produces a pass/fail report for Microsoft Windows 10 Implementation Group 1 in multiple formats including XML and HTML. Reports can be uploaded into CIS-CAT Pro Dashboard for easy analysis over time.
Introducing CIS-CAT v4 Lite
Assess against CIS Benchmarks, try out remote assessment, and evaluate using the CIS Controls Assessment Module with CIS-CAT Pro Assessor v4 Lite. CIS-CAT Lite is a great way to start measuring your configuration security, with coverage for Windows 10, Chrome, and Ubuntu.