Quick Start Guide: CSAT Pro Installation

Overview

This guide will show how to install CSAT Pro on a Windows system using the installer.

Requirements

In order for the application to access the SMTP server, port 25 (default), 465 or 587 (depending on your Email Configuration) needs to be included as an outbound rule.

To opt in to the Industry Average Service, port 8883 needs to be included as an outbound rule. Online license validation also occurs over port 8883, but this is not required if used in a non-internet connected environment.

Implementation Steps

  1. Extract the CSAT Pro bundle on the machine you are using to host CIS CSAT Pro.

  2. Execute the CIS CSAT Pro Installer (CSAT_Pro_windows-x64_Installer.exe) with administrative privileges.

  3. After selecting ā€œNextā€ at the Welcome page, you will be directed to the ā€œSelect Destination Directoryā€ page to select the destination directory of where CSAT Pro, Neo4j database, and the included version of Java, will be installed.

  4. On the ā€œSelect Configuration And License Directoriesā€ page, select the Integration Configuration file and the License Key file by browsing to their locations.

5. (Optional) On the ā€œEmail Configurationā€ page, if you want to set up password reset functionality, multi-factor authentication (MFA), or notifications, then CSAT Pro must be able to connect to and utilize a valid SMTP server to send email messages. Please see the CSAT Pro Deployment Guide for more details: CSAT Pro Deployment Guide - CIS Controls Self Assessment Tool Document Library.

6. On the ā€œMulti-Factor Authentication (MFA) Configurationā€ page, select ā€œEnable MFAā€ or ā€œDo not enable MFAā€. Email set up (step 5) is required for multi-factor authentication to work in CSAT Pro.

7. On the ā€œPassword Configurationā€ page, you may select password length requirements for all users in the entire CSAT Pro instance, as well as the Neo4j database admin and TLS keystore passwords. The minimum must be at least 8 characters and the maximum can be up to 127 characters. CIS recommends at least a 14 character minimum if MFA is not being used, or at least an 8 character minimum if MFA is being used.

8. On the ā€œSet Up TLS Configurationā€ page (screenshot below), you will be given three options:

  • Create Self-Signed Certificate for TLS (port 443)

  • Use Existing Certificate for TLS (port 443)

  • Do not use TLS (port 8080)

Please allow network traffic through the port you select (ports shown above).

Encrypting data in transit is important for security, and we strongly recommend that TLS be enabled for CSAT Pro.

9. The Installation will begin and you will be directed to the ā€œDownload Neo4j Serverā€ page. If you have not already downloaded Neo4j, then you will need to now.

Be sure to select the most recent version of Neo4j Community Edition 3.5.x. Other versions, such as v4 are not compatible.

The installer requires that the Neo 4j Community Edition 3.5 bundle remain zipped.

10. On the ā€œSet Up Database Adminā€ page, set the password for the Neo4j database admin user.

11. On the ā€œSet Up CSAT Admin Userā€ page, set the password and other required information for the the CSAT ā€œadminā€ user.

12. The CSAT Pro installer will complete the installation. Click ā€œFinishā€ to close the installer.

13. To access the site, open your web browser (CSAT Pro officially supports Google Chrome). If you are using TLS, type https://<hostname>. If you are not using TLS, type http://<hostname>:8080.

From here, you can check out the User Guide on how to log in and use CSAT Pro.

Troubleshooting Information

Diagnostic/Debug information to troubleshoot CSAT Pro issues

CSAT Pro Implementation & Troubleshooting

What logging options are available in CSAT Pro?

Where do I put my required License Key for CIS-CAT Pro Assessor v4.x and CSAT Pro to use the full features?

How to generate a new TLS key and update CSAT Pro with new TLS information

CSAT Pro FAQs


Ā 

Copyright Ā© 2022 Center for Internet SecurityĀ® Privacy Policy

Ā 


Ā