CIS Announces Launch of CIS Configuration Assessment Tool (CIS-CAT) 3.0

The newest CIS-CAT version achieves Security Content Automation Protocol (SCAP) 1.2 validation from the National Institute of Standards and Technology.

  • Share on TwitterShare on FacebookShare on Google+Share on LinkedInEmail a friendRepost This
Center for Internet Security
CIS-CAT 3.0 is a fundamentally new security assessment tool.

East Greenbush, N.Y. (PRWEB) May 15, 2014

The Center for Internet Security (CIS) today announced the release of an enhanced version of its CIS Configuration Assessment Tool, known as CIS-CAT. CIS-CAT 3.0 will provide CIS Security Benchmarks members with increased capabilities, including the ability to perform software vulnerability assessments as well as leverage a broader array of standards-based, automatable security information (content) for assessing the security configuration of IT systems and applications. The new tool is one of only a small number of security assessment products to have obtained Security Content Automation Protocol (SCAP) 1.2 validation from the National Institute of Standards and Technology (NIST).

CIS-CAT 3.0 was awarded SCAP 1.2 validation as an Authenticated Configuration Scanner (ACS) with the Common Vulnerabilities and Exposures (CVE) Option. NIST validated CIS-CAT 3.0’s ACS and CVE Option capabilities across all Microsoft Windows and Red Hat Enterprise Linux profiles available under the SCAP 1.2 Validation Program. The new release also provides other added functionality and features, including direct evidence-based reporting for a variety of technologies assessed for policy compliance and unified reporting for security configuration and software vulnerability assessments.

SCAP 1.2 requires a rigorous development, testing and evaluation process to determine whether CIS-CAT 3.0 meets the complex requirements. SCAP defines the process for using several security automation specifications together to enable automated vulnerability management, measurement and policy compliance evaluations. SCAP 1.2 validation certifies that CIS-CAT 3.0 can successfully leverage a wide range of automatable content, which is cited as a best practice in many sources, including the recently released NIST Cyber Security Framework.

Standards-based security automation allows for improved and consistent sharing of security information across various tools and reports. It also provides greater consistency in how IT systems and applications are assessed and the results reported. CIS-CAT 3.0’s SCAP 1.2 validation and CIS’ continued and rapidly increasing production of its security configuration Benchmarks as SCAP 1.2-based automatable content is evidence of its dedication to the adoption and use of open, interoperable standards for security automation.

“CIS is committed to open standards for security automation, as it promotes interoperability, giving organizations more choice and flexibility regarding security assessment products,” said William F. Pelgrin, CIS president and CEO. “Our team worked incredibly hard and we are pleased to release CIS-CAT 3.0, which provides our Benchmarks members with a fundamentally new security assessment tool to support their cyber security readiness and response efforts.”

CIS-CAT 3.0 can now evaluate target IT assets utilizing repositories of SCAP 1.2 content from a number of sources, including: NIST’s United States Government Configuration Baseline (USGCB) and the Defense Information Systems Agency’s Security Technical Implementation Guides (DISA STIGs) as well as CIS’ expanding collection of CIS Security Benchmarks in SCAP format. CIS-CAT 3.0’s validation for the CVE Option also enables the tool to perform software vulnerability assessments according to the thousands of documented vulnerabilities maintained in MITRE’s CVE List.

For more information about CIS-CAT 3.0 and all other benefits of CIS Benchmarks membership, visit CIS online, or contact us at members(at)cisecurity(dot)org.

About the Center for Internet Security
The Center for Internet Security (CIS) is a 501c3 nonprofit organization focused on enhancing the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. CIS produces consensus-based, best practice secure configuration benchmarks and security automation content, and serves as the key cyber security resource for state, local, territorial and tribal governments, including chief information security officers, homeland security advisors and fusion centers. CIS provides products and resources that help partners achieve security goals through expert guidance and cost-effective solutions. To learn more please visit cisecurity.org or follow us at @CISecurity.

###

Contact:
Krista Montie
The Center for Internet Security
518-266-3460
Krista(dot)montie(at)cisecurity(dot)org

Liz Grimes
PR Director - Overit
518-465-8829 x 213
Liz(at)overit(dot)com


Contact