Quick Start Guide: CSAT Pro Installation
Overview
This guide will show how to install CSAT Pro on a Windows system using the installer.
Requirements
Download the CSAT Pro 64-bit Windows installer at CIS WorkBench: CSAT Pro Windows 64-bit.
Download Neo4j Community Edition 3.5.x here: https://neo4j.com/download-center/#community. Choose Community and scroll down to the correct version. Download and leave it zipped.
Download and unzip the license and configuration files from your organizationās WorkBench page. Please see the following link for details on how to download these files: CSAT Pro Deployment Guide - CIS Controls Self Assessment Tool Document Library.
For installation in a Windows environment, PowerShell v2.0 or above must also be installed and added to the āPathā environment variable. This requirement is due to the fact that the CSAT Pro installer utilizes Neo4j's Admin utility during the installation process and it requires PowerShell to run in a Windows environment. See the following link for additional information related to this installation requirement: https://neo4j.com/docs/operations-manual/3.5/installation/windows/#powershell.
CSAT Pro officially supports the Google Chrome web browser. Other browsers can work, but may produce unexpected behavior.
If you are accessing CSAT Pro from a remote machine, you will likely need to include an inbound firewall rule for port 443 (for HTTPS) or port 8080 (for HTTP).
In order for the application to access the SMTP server, port 25 (default), 465 or 587 (depending on your Email Configuration) needs to be included as an outbound rule.
To opt in to the Industry Average Service, port 8883 needs to be included as an outbound rule. Online license validation also occurs over port 8883, but this is not required if used in a non-internet connected environment.
Implementation Steps
Extract the CSAT Pro bundle on the machine you are using to host CIS CSAT Pro.
Execute the CIS CSAT Pro Installer (
CSAT_Pro_windows-x64_Installer.exe
) with administrative privileges.After selecting āNextā at the Welcome page, you will be directed to the āSelect Destination Directoryā page to select the destination directory of where CSAT Pro, Neo4j database, and the included version of Java, will be installed.
On the āSelect Configuration And License Directoriesā page, select the Integration Configuration file and the License Key file by browsing to their locations.
5. (Optional) On the āEmail Configurationā page, if you want to set up password reset functionality, multi-factor authentication (MFA), or notifications, then CSAT Pro must be able to connect to and utilize a valid SMTP server to send email messages. Please see the CSAT Pro Deployment Guide for more details: CSAT Pro Deployment Guide - CIS Controls Self Assessment Tool Document Library.
6. On the āMulti-Factor Authentication (MFA) Configurationā page, select āEnable MFAā or āDo not enable MFAā. Email set up (step 5) is required for multi-factor authentication to work in CSAT Pro.
7. On the āPassword Configurationā page, you may select password length requirements for all users in the entire CSAT Pro instance, as well as the Neo4j database admin and TLS keystore passwords. The minimum must be at least 8 characters and the maximum can be up to 127 characters. CIS recommends at least a 14 character minimum if MFA is not being used, or at least an 8 character minimum if MFA is being used.
8. On the āSet Up TLS Configurationā page (screenshot below), you will be given three options:
Create Self-Signed Certificate for TLS (port 443)
Use Existing Certificate for TLS (port 443)
Do not use TLS (port 8080)
Please allow network traffic through the port you select (ports shown above).
Encrypting data in transit is important for security, and we strongly recommend that TLS be enabled for CSAT Pro.
9. The Installation will begin and you will be directed to the āDownload Neo4j Serverā page. If you have not already downloaded Neo4j, then you will need to now.
Be sure to select the most recent version of Neo4j Community Edition 3.5.x. Other versions, such as v4 are not compatible.
The installer requires that the Neo 4j Community Edition 3.5 bundle remain zipped.
10. On the āSet Up Database Adminā page, set the password for the Neo4j database admin user.
11. On the āSet Up CSAT Admin Userā page, set the password and other required information for the the CSAT āadminā user.
12. The CSAT Pro installer will complete the installation. Click āFinishā to close the installer.
13. To access the site, open your web browser (CSAT Pro officially supports Google Chrome). If you are using TLS, type https://<hostname>
. If you are not using TLS, type http://<hostname>:8080
.
From here, you can check out the User Guide on how to log in and use CSAT Pro.
Troubleshooting Information
Diagnostic/Debug information to troubleshoot CSAT Pro issues
CSAT Pro Implementation & Troubleshooting
What logging options are available in CSAT Pro?
How to generate a new TLS key and update CSAT Pro with new TLS information
Ā
Copyright Ā© 2022 Center for Internet SecurityĀ® Privacy Policy
Ā
Ā