How to use CIS-CAT Pro Assessor v4 to assess VMWare ESXi

Owned by
Chris Boldiston
Last updated: Dec 19, 2023 by
Allan Cornwell
1 min read

Product Name

CIS-CAT Pro Assessor v4

Product Version

v4.0.20+

Date

Aug 11, 2020

 

Problem

How do I assess an ESXi target with CIS-CAT Pro Assessor v4?

 

Solution

  1. Please check this documentation section for full details.

  2. As a quick start;

    1. Ensure that you do not have any un-commented lines in the assessor-CLI\config\sessions.properties file.

    2. Run this command Assessor-CLI.bat -b benchmarks\CIS_VMware_ESXi_6.7_Benchmark_v1.0.1-xccdf.xml Note that the benchmark version name may change in more recent versions of CIS-CAT so please check that the file does exist in benchmarks\ directory.

    3. When prompted enter the connection details for the target ESXi host in this format; user/password@host

If you have errors please check the following;

  • In step 1 we link to the full documentation. Please ensure you have read that and validated that you have PowerShell, the VMware.VimAutomation.Core module and PowerCLI 6.5.1+ installed.

  • In step 2. b, make sure you are using the correct benchmark version from your benchmarks\ folder.

  • In step 2. c, ensure you have the correct remote user, password and IP information and that you can access the system from your CIS-CAT host server.

  • If those are all correct, please add the options -html --info to the command in step 2. b, then send the following information in a support ticket;

    • the full command line output.

    • the compressed log file from the logs\ directory.

    • the resulting html report (if generated)

 

 

Copyright © 2020

Center for Internet Security®