Product Name
CIS-CAT Pro Assessor v4
Product Version
v4.x.x+
Date
Use /date
to insert current date
Problem
When running a Benchmark assessment in CIS-CAT Pro Assessor, some Recommendation items are returned as “Manual”, “Not Checked” or “Not Applicable” instead of the expected Pass / Fail results.
Solution
For “Manual” Results
Not all Recommendations contained in each CIS Benchmark are supported by CIS-CAT Pro Assessor. In some cases, this is due to technical limitations (when no script or command is available to audit the item reliably), and in others the particular automation logic (referred to as Artifacts) has not yet been implemented by the Benchmark development team, but may be part of a future Benchmark update.
Those that are not verifiable by Assessor are marked as “Manual” in the HTML report, indicating that the system administrator / owner will have to manually check whether the CIS Benchmark Recommendation has been applied. These items are excluded from the scoring process and do not affect the “Pass” percentage value.
The recommended approach for Manual items is to open the corresponding Benchmark Recommendation page on CIS WorkBench, then following the “Audit Procedure” and “Remediation Procedure” sections:
Note that in some cases, a Recommendation’s “Assessment Status” will display as “Automated” on CIS WorkBench, but may not include any corresponding Artifacts to facilitate automated assessment (indicated by a “No artifacts listed” line near the end of the page).
These Recommendations will also be reflected as “Manual” in the CIS-CAT Pro Assessor report file.
For “Not Checked” / “Not Applicable” / “Not Selected” Results
These return values can be observed in the Console Assessment Results data for a CIS-CAT Pro Assessor run, and indicate the following:
Not Checked and Informational are functionally the same as “Manual” in the HTML report - no method currently exists for Assessor to verify the system settings.
Not Selected pertains to Recommendations that are not part of the selected Profile; for example, L2-only items when an L1 Profile is used for the assessment.
Not Applicable indicates a platform mismatch; ensure that the correct Benchmark has been selected for the target system & OS. A list of supported Benchmarks is available in the Assessor documentation.
0 Comments