Essential cyber hygiene is the foundation of any good cybersecurity program. The Center for Internet Security (CIS) defines Essential Cyber Hygiene as Implementation Group 1 (IG1) of the CIS Critical Security Controls (CIS Controls).
The CIS Controls are a prescriptive, prioritized, and simplified set of cybersecurity best practices. They are used and developed by thousands of cybersecurity experts around the world. The safeguards included in IG1 represent essential cyber hygiene for any organization and can help protect organizations against the five primary attack vectors identified in the CIS Community Defense Model (CIS CDM).
The tool IT security teams need
The prospect of implementing the CIS Controls can seem daunting, but one tool in particular makes this effort easier for IT security teams. The CIS Controls Self-Assessment Tool (CIS CSAT) makes it easy for teams to implement, track, and document the security guidance in the CIS Controls. Organizations can collaborate across teams through an integrated workflow to answer a set of questions based on the selected implementation group. Answers to questions generate an overall score that shows how well an organization implements the CIS Controls. Progress is tracked over time and compared to industry average scores.
Thousands of organizations have already moved from traditional spreadsheet tracking of CIS Controls implementation to take advantage of CIS CSAT and improve their cyber hygiene.
How to access the CIS CSAT
There are two versions of CIS CSAT: a CIS-hosted version and an on-premises version called CIS CSAT Pro. The CIS-hosted version of CIS CSAT is free for each organization to use on a non-commercial basis to conduct CIS Controls assessments of their organization. The on-premises version, CIS CSAT Pro, is available exclusively to CIS SecureSuite members.
Members also have access to CIS-CAT Pro, a configuration assessment tool for CIS Benchmarks, and other resources. Including CIS CSAT Pro in membership allows members to efficiently assess their implementation of CIS Benchmarks and CIS Controls.
CIS CSAT Features: Facilitating Cyber Hygiene
While still offering the same assessment workflow that users rely on in the free version, CIS CSAT Pro offers a few additional features. First, users can choose to share data anonymously to compare their scores to industry or other peer groups. In CIS CSAT Pro, users can create multiple organization trees. This feature provides greater flexibility in how you track Organizations, Sub-Organizations, and Ratings. In addition to this feature, users can create multiple concurrent assessments within the same organization or sub-organization.
CIS CSAT Pro also provides the ability to assign users to different roles for different organizations and sub-organizations. For example, a user can be an organization administrator for some organizations, have limited access to other organizations, and have no role in other organizations. Additionally, users can have distinct roles within an organization. A user can be authorized to work on all parts of an organization’s assessments without being assigned an administrative role in that same organization.
Notably, organizations that have already started assessments in the free version of CIS CSAT can easily export those assessments and import them into CIS CSAT Pro. Implementation scores are simply carried over.
Opt for cyber hygiene with CIS CSAT Pro
Overall, CIS CSAT Pro gives users greater control over their data, while providing greater flexibility in how they manage users, organizations, and ratings within the tool. It can help organizations improve their cyber hygiene, regardless of size or resources.
This powerful tool identifies well-implemented safeguards from the CIS Controls and highlights areas for improvement. This understanding is extremely useful in helping organizations decide where to focus their limited cybersecurity resources. CIS CSAT Pro is one of many powerful tools available with CIS SecureSuite membership.