If you’re a cybersecurity professional, you’ve likely heard of the consensus-driven best practices known as the CIS Controls. You may have even implemented them! But to what extent? How confident are you in your implementation, and how organized are you now in tracking and managing your cybersecurity program?

With the CIS Controls Self-Assessment Tool, CIS CSAT Pro, you can assess your implementation of the CIS Controls, track their progress over time, and identify areas for improvement. Newly updated CIS CSAT Pro v1.1.0 brings even more features including visualization of an entire organization tree, exportable graphs, NIST 800-53 mappings, organization history, task reminders, and email notifications. Access to this tool is available through the CIS SecureSuite Membership.

Visualization with the Organization Chart

Users can now see an organization chart that shows an entire organization tree.

Features of the Organization Chart include:

Each organization and sub-organization in the organization tree is displayed in a block showing the organization’s industry, the total number of sub-organizations under it, and the number of sub-organizations directly under it.

The currently selected organization is highlighted in green.

Each organization block is clickable, taking you to the Organization Info page for that organization.

Sub-organizations can be displayed or hidden.

Easily navigate large organization charts by dragging to move around the chart. Zoom in or out with the scroll wheel of the mouse.

Board Level Slides Export

In addition to the CIS Sub-Control level CSV spreadsheet export that was already available, users can now export a set of slides containing the graphs and summary data from the Assessment Dashboard and the organization’s Assessment History graph. These graphs are exported in PPTX format.

NIST 800-53 Mappings

The mappings from the CIS Sub-Controls to the NIST 800-53 Rev4 Low Baseline are now displayed in CIS CSAT Pro’s Sub-Control view. Users can click on the mapping to see additional details.

Download the CIS Sub-Controls NIST 800-53 Rev4 Low Baseline mapping from the website or from CIS WorkBench.

Organization History

The new Organization History section displays an event log for the selected organization on its Organization Info page. Events logged in this section, along with which user performed the action and when, include:

User changes (added, removed, or a role change in the organization)

Sub-organization creation/deletion

Changes in the organization’s information (name, website, or industry)

Task Reminders and Email Notifications

Users can now send an email, along with an optional comment, to the user assigned to a task to remind that user to complete it. Similarly, users can send a reminder (with optional comment) to the assigner of a task to remind them to review and validate the task.

Users automatically receive an email with task details when a task assigned by them is completed. Assigned users and users who completed a task receive an email notification when that task is sent back for additional changes.

Check out the change log to see the full list of changes.

Getting Started with CIS CSAT Pro v1.1.0

Interested in trying out the new version? It’s available to CIS SecureSuite Members. Join the CSAT Pro Community in CIS WorkBench and download the appropriate installer for your environment (Windows or Unix). If you’ve previously installed CIS CSAT Pro v1.0.0, the installer makes upgrading a snap; it will detect the existing version and upgrade it for you. If you’re new to CIS CSAT Pro, see the Deployment Guide to walk you through installation.

