Cis-Cat Assessment Tool4/14/2021
As a member of this community, the UC Berkeley campus has access to Consensus Security Configuration Benchmarks, Scoring Tools, Consensus Security Metric definitions, and discussion forums where we can collaborate on security best practices.Use your berkeley.edu email address to register to confirm that you are a member of the UC Berkeley campus community.Respond to the confirmation email and wait for the moderator to activate your membership.
This cross-platform Java app examines your system and produces a report comparing your settings to the published benchmarks. You can use additional CIS tools available to members, such as Windows GPOs, to assist with system hardening. In some cases you may need to deviate from the benchmarks in order to support campus applications and services. For other questions, use the CIS member forums or contact securityberkeley.edu for help using the CIS benchmarks for system hardening. This allows you to see score changes over time via Benchmark View. The Controls Assessment Module functions as a module within CIS-CAT Assessor v4 and can be run much like other assessments, making it compatible with existing CIS-CAT functionality including remote assessments and the CIS-CAT Pro Dashboard. If you are not familiar with CIS-CAT Assessor v4 and running assessments, please review the Assessor v4 documentation at. For the more procedural Sub-Controls, the Controls Assessment Module allows users to save yesno answers documenting their implementation of those Sub-Controls. ![]() It has not been tested with other operating systems at this point. ![]() The automated checks use PowerShell scripts to measure the machine-specific implementation of a Sub-Control. The survey question checks utilize user-provided answers to determine if a Sub-Control is successfully implemented. By default, answers to these survey questions are saved in the Assessor properties file, and can be updated between assessments as the organizations implementation of these Sub-Controls changes. These saved answers are used as organization-wide answers that apply to all machines in an assessment. All checks in the Controls Assessment Module regardless of format, automated or survey question, will come down to a Pass or Fail. While this allows for more granular machine-specific answers to the questions, it also requires each survey question designated as interactive to be answered at the start of each machines assessment. Providing answers interactively can become tedious for assessments with large numbers of machines or for frequent assessments, so it is recommended that the interactive survey question feature only be used if there are answers to specific survey questions that vary from machine to machine in the organization. ![]() In addition to the standard Assessor v4 configuration options, the following Controls Assessment Module specific configuration options are available as well. If your organization wishes to use different values than the defaults, these values can be updated in the Assessor properties file (configassessor-cli.properties). Midway through this file is a section entitled CAM IG1 Customizable Values. Cis-Cat Assessment Tool Password Length OfFor example, if the organization only requires a password length of 10, the following change could be made. All of these survey questions are set to a value of n by default, meaning that each of these Sub-Controls will be assessed as a Fail unless the user changes this value. For those Sub-Controls that your organization is successfully implementing, the corresponding value should be updated to y, meaning that Sub-Control will be assessed as a Pass. For example, by default, the survey question for Sub-Control 12.1 is set as follows. This will result in the answer value on that line being ignored, and the question will instead be asked on the Assessor command line for each machine in the assessment. There are 3 Controls Assessment Module profiles to choose from. In the command prompt, enter one of the following depending on which profile you wish to run. If you have an instantiation of CIS-CAT Pro Dashboard, results can be uploaded there for easy viewing.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |