I'm a security Consultant using CIS-Hosted CSAT and I would like the ability to be an Admin for multiple Organizations with the ability to add existing users to our Organizations.

Owned by Amanda McGown, created
Last updated: Apr 20, 2023
2 min read

Product Name

CIS-Hosted CSAT

Product Version

all

Date

May 21, 2021

 

Problem

When I am using the free CIS-Hosted CSAT platform I am unable to add members of my Organization with existing CSAT accounts to different Organizations for whom we do security consultation.

 

Solution

CIS-Hosted CSAT is not generally geared towards consultants so much as organizations who wish to assess their own security, and the security of their individual sub-organizations. For the consultants with many sub-organizations, as well as those with differing Admin and User roles among their organizations, CIS-Hosted CSAT is limited in its capacity to create and manipulate sub-organizations and their Admins. Furthermore, it is challenging, if not impossible, to have an Admin of a primary Org also be an Admin to multiple Sub-Orgs. It is a limitation of the free software.

While CIS-Hosted CSAT is free for organizations to use to assess their own organization’s implementation of the CIS Controls, if you are using CSAT in a commercial capacity (as a paid consultant to assess another organization, for instance), you will need to become a CIS SecureSuite Consulting Member. Please see https://www.cisecurity.org/cis-securesuite/pricing-and-categories/services-and-consulting/ for details.

The CSAT Pro software has several features that can benefit the consultant use case that are not available in the free CIS-Hosted version of CSAT. CSAT Pro lets you have multiple organization trees, multiple concurrent assessments in each organization/sub-organization, and a more flexible permission model (so the same user can have different roles in different organizations).

Additionally, if an assessment has already been started in CIS-Hosted CSAT, it is possible to export an assessment from CIS-Hosted CSAT and import it into CSAT Pro.

Here is a blog post with more information regarding the new CSAT Pro: https://www.cisecurity.org/blog/improve-your-organizations-cyber-hygiene-with-cis-csat-pro/ It is also an excellent resource for anyone hoping to do Cyber Security Consultations for multiple sub-organizations.

 

There is a CSAT Pro Community on CIS WorkBench at  ::CIS Controls - CSAT Pro which you can join if you would like to review the discussions and release information.

Keywords; CSAT CSAT Pro CIS Hosted CSAT Consultants

Content by Label

Copyright © 2020

Center for Internet Security®