CIS CAT PRO
Overview CIS
The Center for Internet Security (CIS) is a nonprofit organization that develops and promotes best practice standards for IT security.
CIS Controls - a prioritized set of actions to protect organizations from cyber threats
CIS Benchmarks - detailed configuration guidelines for securing specific technologies
CIS-CAT PRO - tools that help organizations assess their security posture against CIS Benchmarks
CIS Hardened Images - pre-configured secure virtual machine images
CIS, CISA, and MS-ISAC: Differences and Relationships
CIS (Center for Internet Security)
Type: Nonprofit organization
Audience: Organizations of all types and sizes (public and private sectors)
Focus: Develops security standards, benchmarks, and tools
Key offerings: CIS Controls, CIS Benchmarks, security assessment tools, hardened images
CISA (Cybersecurity and Infrastructure Security Agency)
Type: Federal government agency under DHS
Audience: Critical infrastructure, government agencies, private sector
Focus: National cybersecurity protection, coordination, and response
Key offerings: Threat intelligence, vulnerability management, incident response support
MS-ISAC (Multi-State Information Sharing and Analysis Center)
Type: Division of CIS, funded by CISA
Audience: State, local, tribal, and territorial governments
Focus: Cybersecurity information sharing and support for U.S. SLTT entities
Key offerings: Threat intelligence, incident response, cyber education, 24/7 SOC services
MS-ISAC is operated by CIS but funded by CISA
CISA relies on CIS standards and MS-ISAC for coordination with state/local governments
They collaborate on threat intelligence sharing, incident response, and developing best practices
They often jointly issue advisories and conduct coordinated response to major cyber incidents
CIS-CAT Pro Assessor
CIS-CAT Pro Assessor is a configuration assessment tool developed by the Center for Internet Security (CIS) that helps organizations evaluate their systems against CIS Benchmarks.
Automatically scans systems to measure compliance with CIS Benchmarks (Level 1 & Level 2)
Supports multiple platforms (Windows, Linux, macOS, etc.)
Identifies security gaps in configurations
Generates detailed reports showing compliance levels and remediation recommendations (HTML/XML/ARF)
Shows pass/fail/manual status per control, plus remediation tips
Available in GUI and command-line versions
Can be used for both on-demand assessments and scheduled scanning
Helps track security posture improvements over time
Supports compliance reporting for various regulatory frameworks
Benchmarks
Located inside CIS Workbench
CIS Benchmarks - Windows Standalone vs Enterprise vs Intune
Windows Standalone
Target: Individual, unmanaged computers.
Configuration: Manual, local settings.
Deployment: Manual tools, CIS-CAT.
Windows Enterprise
Target: Domain-joined systems.
Configuration: GPO, SCCM management.
Deployment: GPO templates, SCCM.
Windows Intune
Target: Entra ID or hybrid devices.
Configuration: Enforce MDM security policies.
Deployment: Push via Intune remotely.
CIS-NIST Correlation
https://www.cisecurity.org/controls/cis-controls-navigator
Example CIS CAT PRO ASSESSOR Report
(This will be an HTML file and will need to be downloaded and then opened with a browser.)
https://drive.google.com/file/d/1zu-TPR4Kko8weQdp-yAtBnLkLjlPlueE/view?usp=sharing
(Handouts will be screenshots of this file)
Assessor: Demonstration
Download Assessor
Download License
Live view on Local Machine
Initial Run
Review Results
Change FAIL settings
Review NEW results
Compare
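The "Compare" step above can be scripted rather than done by eye. The following is an added example (not CIS-CAT Pro's own code) that diffs two XCCDF result files produced before and after changing the FAIL settings; it assumes the XCCDF 1.2 result layout (rule-result elements with an idref and a result child), and the rule ids and both result documents below are constructed samples.

```python
# Added example: diff two CIS-CAT Pro XCCDF result files rule by rule.
# Assumes the XCCDF 1.2 result layout (rule-result/idref + result child).
# The rule ids and the sample documents are constructed, not real CIS-CAT output.
import xml.etree.ElementTree as ET

NS = "{http://checklists.nist.gov/xccdf/1.2}"

def load_results(xml_text):
    """Return {rule idref: normalized result} from an XCCDF/ARF document."""
    results = {}
    for rr in ET.fromstring(xml_text).iter(NS + "rule-result"):
        res = rr.find(NS + "result")
        if rr.get("idref") and res is not None and res.text:
            results[rr.get("idref")] = res.text.strip().lower()
    return results

def pass_rate(results):
    """Percentage of pass among scored rules (manual/notchecked are excluded)."""
    scored = [v for v in results.values() if v in ("pass", "fail")]
    if not scored:
        return 0.0
    return round(100.0 * scored.count("pass") / len(scored), 1)

def compare_runs(before_xml, after_xml):
    """Classify each rule as fixed, regressed, still_failing or other."""
    before, after = load_results(before_xml), load_results(after_xml)
    report = {"fixed": [], "regressed": [], "still_failing": [], "other": []}
    for rule in sorted(set(before) | set(after)):
        b, a = before.get(rule, "missing"), after.get(rule, "missing")
        if b == "fail" and a == "pass":
            report["fixed"].append(rule)
        elif b == "pass" and a == "fail":
            report["regressed"].append(rule)
        elif a == "fail":
            report["still_failing"].append(rule)
        else:
            report["other"].append(rule)
    return report

def sample_xml(results):
    """Build a constructed XCCDF TestResult document from {rule: result}."""
    rows = "".join(f'<rule-result idref="{r}"><result>{v}</result></rule-result>'
                   for r, v in results.items())
    return (f'<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2" '
            f'id="xccdf_example_testresult_1">{rows}</TestResult>')

if __name__ == "__main__":
    first = sample_xml({"rule_1": "pass", "rule_2": "fail", "rule_3": "fail",
                        "rule_4": "notchecked", "rule_5": "pass", "rule_6": "fail"})
    second = sample_xml({"rule_1": "fail", "rule_2": "pass", "rule_3": "fail",
                         "rule_4": "notchecked", "rule_5": "pass", "rule_6": "pass"})
    print(compare_runs(first, second), pass_rate(load_results(second)))
```

Because the lookup walks the whole tree, the same functions work on a standalone TestResult or on an ARF report that embeds one.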
Config File For Multiple Targets
https://drive.google.com/file/d/1hnFenR5wfrq9sX8qsOSosJXRW4ggqK1M/view?usp=sharing
TERMS
Level 1 and IG1
Other Tools
Microsoft Defender for Endpoint / Intune
Type: Commercial
Platforms: Windows, macOS
Key Features:
CIS-aligned baselines for Windows 10/11, Server
Endpoint compliance monitoring
GPO and MDM configuration enforcement
Note: Requires Microsoft 365 E5 / Defender for Endpoint P2
Security Characteristics of a 20 on a 0-100 scale