Essential cyber hygiene is the foundation for any good cybersecurity program. The Center for Internet Security (CIS) defines essential cyber hygiene as Implementation Group 1 (IG1) of the CIS Critical Security Controls (CIS Controls).

The CIS Controls are a prescriptive, prioritized, and simplified set of cybersecurity best practices. They are used and developed by thousands of cybersecurity experts around the world. The Safeguards included in IG1 represent essential cyber hygiene for any organization and can help protect organizations from all five of the top attack vectors identified in the CIS Community Defense Model (CIS CDM).

The Tool That IT Security Teams Need

The prospect of implementing the CIS Controls can seem daunting, but one tool in particular makes this effort easier for IT security teams. The CIS Controls Self Assessment Tool (CIS CSAT) makes the powerful security guidance of the CIS Controls easier for teams to implement, track, and document. Organizations can collaborate across teams with a built-in workflow to answer a set of questions based on the selected Implementation Group. The answers to the questions generate an overall score that shows how well an organization implements the CIS Controls. Progress is tracked over time and compared to industry average scores.

Thousands of organizations have already made the move from traditional spreadsheet tracking of CIS Controls implementation to using CIS CSAT to improve their cyber hygiene.

How to access CIS CSAT

There are two versions of CIS CSAT: a CIS-hosted version and an on-premises version called CIS CSAT Pro. The CIS-hosted version of CIS CSAT is free to every organization for use in a non-commercial capacity to conduct CIS Controls assessments of their organization. Meanwhile, CIS CSAT Pro is available exclusively for CIS SecureSuite Members.

Members also have access to CIS-CAT Pro, a configuration assessment tool for the CIS Benchmarks as well as other resources. The inclusion of CIS CSAT Pro in CIS SecureSuite allows Members to effectively assess their implementation of both the CIS Benchmarks and CIS Controls.

CIS CSAT features: Making cyber hygiene easier

While still offering the same assessment workflow that users have come to rely on in the free version, CIS CSAT Pro offers some additional features. First, users can opt in to share data anonymously in order to compare their scores to industry or other peer groups. Within CIS CSAT Pro, users can create multiple organization trees. This feature provides greater flexibility in how to track organizations, sub-organizations, and assessments. In addition to this feature, users can build multiple concurrent assessments in the same organization or sub-organization.

CIS CSAT Pro also offers the ability to assign users to different roles for different organizations and sub-organizations. For instance, a user can be an organization admin, have limited access to other organizations, and have no role in other organizations. Furthermore, users can have separate roles. A user can be given access to work on all parts of an organization’s assessments without being given an administrative role in that same organization.

Notably, organizations that have already started assessments in the free version of CIS CSAT can easily export those assessments and import them into CIS CSAT Pro. Implementation scores simply carry over.

Choose cyber hygiene with CIS CSAT Pro

Overall, CIS CSAT Pro gives users greater control over their data while providing greater flexibility in how they manage users, organizations, and assessments within the tool. It can help organizations improve their cyber hygiene regardless of their size or resources.

This powerful tool identifies well-implemented Safeguards from the CIS Controls and highlights areas for improvement. This understanding is extremely useful to help organizations decide where to devote their limited cybersecurity resources. CIS CSAT Pro is one of several powerful tools available with CIS SecureSuite Membership.

