CIS-CAT Pro

Center for Internet Security

Configuration assessment tool that audits systems against CIS Benchmarks.

Vulnerability Management Commercial CLI Learning Cross-platform

Description

CIS-CAT Pro (Center for Internet Security — Configuration Assessment Tool) is the official scanner that measures a system's compliance with CIS Benchmarks — the consensus secure-configuration baselines for operating systems, browsers, databases, cloud providers, and network devices. For a CySA+ analyst it is the canonical example of preparation-phase tooling: you harden and verify before an incident.

Capabilities:

  • Assessor evaluates targets against benchmark XCCDF/OVAL content and emits HTML, CSV, JSON, and ARF reports.
  • Dashboard aggregates Assessor results across an estate, showing compliance trend and remediation backlog per host and per benchmark.
  • Build Kits (GPOs, shell scripts, Ansible content; a CIS SecureSuite member benefit) apply benchmark recommendations at deploy time, so the tooling hardens as well as measures.
  • ARF output follows SCAP 1.2, so results can be ingested by risk/GRC platforms without a vendor-specific parser.

Use cases

  • Pre-deployment hardening of Windows/Linux gold images
  • Periodic configuration drift audits against CIS baselines
  • Generating evidence for ISO 27001 / PCI DSS / NIST SP 800-53 audits
  • Feeding SCAP-compliant results into GRC dashboards
  • Building remediation backlogs after a finding

Example

# Linux Assessor — evaluate against the Ubuntu 22.04 LTS Benchmark, writing HTML, CSV and JSON reports to ./reports
./Assessor-CLI.sh -b ./benchmarks/CIS_Ubuntu_Linux_22.04_LTS_Benchmark_v1.0.0-xccdf.xml \
    -rd ./reports -html -csv -json

# Windows Assessor — ARF output for a SCAP pipeline (add -p <profile id> to select a specific benchmark profile)
Assessor-CLI.bat -b CIS_Microsoft_Windows_Server_2022_Benchmark.xml -arf
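The ARF report produced by the -arf invocation above wraps a standard XCCDF 1.2 TestResult, which is what a GRC pipeline or a drift-audit gate actually consumes. The script below is an added example, not CIS-CAT Pro code: it depends only on the SCAP 1.2 namespaces (ARF 1.1 and XCCDF 1.2), not on any CIS-specific report layout, and the embedded SAMPLE_ARF is a constructed, minimal report whose rule IDs and profile ID are illustrative rather than real CIS Benchmark identifiers. It counts rule outcomes, builds a severity-ordered remediation backlog from the failed rules, and applies a pass/fail gate suitable for a CI or scheduled audit job. The pass rate it computes is a plain pass/(pass+fail) ratio, deliberately simpler than the XCCDF default scoring model, so it will not match the score element the Assessor reports; the reported score is surfaced alongside it for comparison.

```python
"""Summarise the XCCDF 1.2 TestResult inside a CIS-CAT ARF report.

Added example, not CIS-CAT Pro code: it relies only on the SCAP 1.2 / XCCDF 1.2
schema (ARF wraps an xccdf:TestResult), not on any CIS-specific report layout.
SAMPLE_ARF below is constructed for illustration; its rule and profile IDs are
not real CIS Benchmark identifiers.
"""
import sys
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
ARF_NS = "http://scap.nist.gov/schema/asset-reporting-format/1.1"
NS = {"xccdf": XCCDF_NS, "arf": ARF_NS}

# Constructed sample report (assumption: minimal ARF envelope, illustrative IDs).
SAMPLE_ARF = f"""<arf:asset-report-collection xmlns:arf="{ARF_NS}" xmlns:xccdf="{XCCDF_NS}">
  <arf:reports><arf:report id="xccdf1"><arf:content>
    <xccdf:TestResult id="xccdf_example_testresult_1">
      <xccdf:profile idref="xccdf_example_profile_level1"/>
      <xccdf:target>host.example.internal</xccdf:target>
      <xccdf:rule-result idref="xccdf_example_rule_1" severity="high"><xccdf:result>pass</xccdf:result></xccdf:rule-result>
      <xccdf:rule-result idref="xccdf_example_rule_2" severity="medium"><xccdf:result>fail</xccdf:result></xccdf:rule-result>
      <xccdf:rule-result idref="xccdf_example_rule_3"><xccdf:result>notapplicable</xccdf:result></xccdf:rule-result>
      <xccdf:rule-result idref="xccdf_example_rule_4" severity="high"><xccdf:result>fail</xccdf:result></xccdf:rule-result>
      <xccdf:rule-result idref="xccdf_example_rule_5"><xccdf:result>notchecked</xccdf:result></xccdf:rule-result>
      <xccdf:score system="urn:xccdf:scoring:default" maximum="100">50.0</xccdf:score>
    </xccdf:TestResult>
  </arf:content></arf:report></arf:reports>
</arf:asset-report-collection>
"""

# Ordering used for the remediation backlog; severities not listed sort last.
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


def summarize(xml_text: str) -> dict:
    """Parse the first xccdf:TestResult, whether ARF-wrapped or a bare XCCDF results file."""
    root = ET.fromstring(xml_text)
    tr = next(root.iter(f"{{{XCCDF_NS}}}TestResult"), None)
    if tr is None:
        raise ValueError("no xccdf:TestResult found in document")
    counts = Counter()
    failed = []
    for rr in tr.findall("xccdf:rule-result", NS):
        outcome = rr.findtext("xccdf:result", default="unknown", namespaces=NS)
        counts[outcome] += 1
        if outcome == "fail":
            failed.append({"rule": rr.get("idref"), "severity": rr.get("severity", "unknown")})
    # Only pass and fail are scored outcomes; notapplicable, notchecked, error etc. are excluded.
    scored = counts["pass"] + counts["fail"]
    profile = tr.find("xccdf:profile", NS)
    score = tr.find("xccdf:score", NS)
    return {
        "target": tr.findtext("xccdf:target", default="", namespaces=NS),
        "profile": profile.get("idref") if profile is not None else None,
        "counts": dict(counts),
        "failed": failed,
        "pass_rate": 100.0 * counts["pass"] / scored if scored else 0.0,
        "reported_score": float(score.text) if score is not None and score.text else None,
    }


def remediation_backlog(summary: dict) -> list:
    """Failed rules ordered for remediation: high severity first, unknown severity last."""
    return sorted(summary["failed"],
                  key=lambda f: (SEVERITY_RANK.get(f["severity"], len(SEVERITY_RANK)), f["rule"]))


def passes_gate(summary: dict, min_pass_rate: float = 90.0,
                blocking_severities: tuple = ("high",)) -> bool:
    """Drift-audit gate: a low pass rate or any failed rule at a blocking severity fails the run."""
    if summary["pass_rate"] < min_pass_rate:
        return False
    return not any(f["severity"] in blocking_severities for f in summary["failed"])


if __name__ == "__main__":
    # Usage: python arf_summary.py [report-arf.xml]   (defaults to the constructed sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_ARF
    s = summarize(text)
    print(f"{s['target']} profile={s['profile']} counts={s['counts']} "
          f"pass_rate={s['pass_rate']:.1f}% reported_score={s['reported_score']}")
    for f in remediation_backlog(s):
        print(f"  TODO [{f['severity']}] {f['rule']}")
    sys.exit(0 if passes_gate(s) else 1)
```

Point the script at the ARF file the Assessor writes and the exit code becomes the gate in a pipeline: a non-zero exit means the image or host drifted below the agreed pass rate or has a high-severity finding open. Because the parser locates the TestResult with iter() rather than a fixed path, the same code works on a bare XCCDF results document as well as on an ARF envelope with its asset and report-request sections.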