Product Name
CIS-CAT Pro Dashboard
Product Version
3.0.0+
Date
Problem
CIS-CAT Pro Dashboard v3 includes a built-in version of CIS-CAT Pro Assessor that can be used to conduct scans directly from the Dashboard web interface:
https://cis-cat-pro-dashboard.readthedocs.io/en/stable/source/Dashboard%20User%27s%20Guide/#assess-a-target-system
However, some assessment features and capabilities are unavailable in this integrated version.
Solution
Below is a listing of usage cases where the standalone CIS-CAT Pro Assessor v4 would be required.
You are planning to assess multiple systems in sequence via a Configuration XML or Sessions file
(Dashboard’s Assessor only allows scanning one target at a time)You intend to conduct assessments using Tailored Benchmarks, which are currently not supported in Dashboard v3 (only the pre-supplied list of included Benchmarks can be run)
You intend to conduct assessments of databases (such as MySQL), or other target system types requiring interactive values whose Benchmarks are not included with Dashboard:
https://ccpa-docs.readthedocs.io/en/latest/Coverage%20Guide/You want to authenticate to assessment targets via SSH using a private key file
(instead of a username & password)You are utilizing WinRM over HTTPS for Windows assessments (instead of HTTP)
Note that you can use both tools concurrently, and uploading reports from a standalone Assessor installation can be carried out alongside the built-in Assessor scans if you should encounter any of the above requirements.
CIS-CAT Pro Assessor v4 can be downloaded from CIS WorkBench with a valid SecureSuite Membership:
https://workbench.cisecurity.org/download/cis-cat/pro
Add Comment