Remote CIS-CAT Pro Assessor Scans in IPv6 Networks

By Allan Cornwell
2 min

Product Name

CIS-CAT Pro Assessor v4

Product Version

v4.x.x

Date

Apr 2, 2025

Problem

When using CIS-CAT Pro Assessor v4 for remote assessments against Windows or Linux systems in IPv6 networks, additional requirements & considerations are needed for the scan to succeed. The information below outlines these prerequisites.

Solution

  • The Assessor host and remote assessment target both need to feature IPv6-compatible network adapters and an active IPv6 address for each host.

  • If the scan is conducted over the internet (non-LAN), the respective Internet Service Provider (ISP) has to be capable of issuing IPv6 addresses to both networks.

  • If a hostname is used as the assessment target identifier in IPv6-only networks, the ISP (or relevant local DNS server) needs to support IPv6 DNS requests.

  • IPv6 addresses can be supplied in sessions.properties and Configuration XML files, but we recommend testing a manually initiated assessment against the address first to verify that the connection functions as intended.

Specific to Windows assessments:

  • An IPv6 listener has to be enabled & configured for WinRM:

  • The IPv6 address needs to be provided to CIS-CAT Pro Assessor in the following full format:

    • 2001:0000:130F:0000:0000:09C0:876A:130B

    • Brackets are not needed (and should not be used) to enclose the address in CIS-CAT Pro Assessor

    • IPv6 shorthand cannot currently be used, such as:

      • 2001:db8:: instead of 2001:0db8:0000:0000:0000:0000:0000:0000

      • 2001:db8::1:0 instead of 2001:0db8:0000:0000:0000:0000:0001:0000

Keywords; Assessor Windows IPv6

Content by Label

Copyright © 2025

Center for Internet Security®

 

Looking for labels? They can now be found in the details panel on the floating action bar.

Related content