
CIS Configuration Assessment Tool (CIS-CAT)

I. General Description

CIS-CAT is a configuration assessment/audit software tool available to CIS Members only. Written in Java, CIS-CAT: (A) reads those CIS Benchmarks that are expressed in XCCDF (XML) format; (B) reports the configuration status of a target system as compared to the technical controls defined in those CIS Benchmarks; and (C) provides a comparative score based on a conformity scale of 0-100. CIS-CAT is also a NIST-validated FDCC Scanner! For more information on this, please see http://nvd.nist.gov/validation_cis.cfm and the CIS-CAT User's Guide.

CIS-CAT consumes XML representations of various CIS Benchmarks. The XML schemas used to express CIS Benchmarks are XCCDF, OVAL, and ECL. The XCCDF schema is used to describe and group configuration states, while OVAL and ECL are used to define how to test a system's conformance with the configuration state described in XCCDF. All CIS Benchmarks that are expressed in XML are expressed in XCCDF+ECL, with the exception of the CIS Windows Server 2008 and CIS Windows 7 Benchmarks, which are expressed in XCCDF+OVAL. For information on OVAL, please see http://oval.mitre.org/. For information on XCCDF, please see http://scap.nist.gov/specifications/xccdf/.

II. System Requirements

CIS-CAT requires JRE v1.5. The tool and the JRE can reside on the target system of evaluation or on a removable or network drive, provided it is accessible from the target of evaluation. Distributed in both CLI and GUI versions, CIS-CAT is a host-based (not a network or enterprise scanner) and scan-only (doesn't change configuration settings) tool. CIS provides supplemental scripts that support CIS-CAT in assessing multiple systems simultaneously.

III. Platform Support

CIS-CAT can read customized input files, so members can compare the configuration of their systems with both the CIS Benchmarks and their customized configuration policies. This feature is enabled by user modification of the Benchmark XCCDF files.
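The effect of such a modification can be reviewed before a scan by listing which Rules a customized XCCDF file actually leaves selected and which check system each one points to. The following is an added example, not CIS-CAT code and not a CIS benchmark: it assumes XCCDF 1.1 markup, uses a constructed sample benchmark, and uses the placeholder URI urn:example:ecl to stand in for ECL; effective_rules is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.1"}  # XCCDF 1.1 namespace
OVAL = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
ECL = "urn:example:ecl"  # constructed placeholder, not the real ECL system URI

# Constructed benchmark for illustration; not taken from a CIS file.
SAMPLE = f"""<Benchmark xmlns="{NS['x']}" id="sample-benchmark">
  <Profile id="site-policy">
    <select idref="rule-telnet" selected="false"/>
    <select idref="rule-banner" selected="true"/>
  </Profile>
  <Group id="grp-services">
    <Rule id="rule-telnet"><check system="{ECL}"/></Rule>
    <Rule id="rule-ssh"><check system="{OVAL}"/></Rule>
  </Group>
  <Group id="grp-legacy" selected="false">
    <Rule id="rule-rsh"><check system="{ECL}"/></Rule>
  </Group>
  <Rule id="rule-banner" selected="false"><check system="{ECL}"/></Rule>
</Benchmark>"""

def _flag(value, default=True):
    """Parse an xs:boolean attribute; XCCDF items default to selected."""
    return default if value is None else value in ("true", "1")

def effective_rules(xml_text, profile_id=None):
    """Return {rule_id: (selected, check_system)} after applying a Profile."""
    root = ET.fromstring(xml_text)
    overrides = {}
    if profile_id is not None:
        profile = root.find(f"x:Profile[@id='{profile_id}']", NS)
        if profile is None:
            raise ValueError(f"no Profile with id {profile_id!r}")
        for sel in profile.findall("x:select", NS):
            overrides[sel.get("idref")] = _flag(sel.get("selected"))
    rules = {}

    def walk(node, parent_selected):
        for child in node:
            kind = child.tag.rsplit("}", 1)[-1]
            if kind not in ("Group", "Rule"):
                continue
            own = overrides.get(child.get("id"), _flag(child.get("selected")))
            selected = parent_selected and own
            if kind == "Group":
                walk(child, selected)  # an unselected Group disables its Rules
            else:
                check = child.find("x:check", NS)
                rules[child.get("id")] = (selected, check.get("system") if check is not None else None)

    walk(root, True)
    return rules
```

Comparing the result without a profile against the result for the site profile shows exactly which controls a local policy has switched off or on, which is worth reviewing because a deselected Rule no longer contributes to the assessment.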
CIS-CAT reads: (A) 21 CIS Benchmarks currently available in XCCDF; (B) XCCDF configuration files distributed by NIST for Microsoft Win XP and Vista; and (C) user-modified CIS Benchmark XCCDF files. CIS currently distributes CIS-CAT with production version support for the following 21 benchmarks:

- Apache Tomcat Benchmark v1.0.0
- Apple OSX 10.5 Benchmark v1.0.0
- Debian Linux Benchmark v1.0.0
- HP-UX 11i Benchmark v1.4.2
- IBM AIX 4.3-5.1 Benchmark v1.0.1
- Microsoft Windows 2003 MS DC Benchmark v2.0.0
- Microsoft Windows XP Benchmark v2.0.1
- Mozilla Firefox Benchmark v1.0.0
- Oracle Database 11g Benchmark v1.0.1
- Oracle Database 9i-10g Benchmark v2.0.1
- RedHat Enterprise Linux 4 Benchmark v1.0.5
- RedHat Enterprise Linux 5.0-5.1 Benchmark v1.1.2
- Slackware Linux 10.2 Benchmark v1.1.0
- Solaris 10 1106-10 0807 Benchmark v4.0.0
- Solaris 10 Benchmark v2.1.3
- Solaris 2.5.1-9 Benchmark v1.3.0
- SUSE Linux Enterprise Server 10 Benchmark v2.0.0
- SUSE Linux Enterprise Server 9 Benchmark v2.0.0
- VMware ESX 3.5 Benchmark v1.2.0
- Windows 2008 Server Benchmark v1.0.0
- Windows 7 Benchmark v1.0.0

IV. Download Files & User Support

CIS-CAT and all related documentation are distributed in a bundle via the CIS Members website, https://members.cisecurity.org/. The CIS-CAT bundle includes: (1) the CIS-CAT Tool; (2) the CIS-CAT User's Manual; (3) the CIS-CAT README file; (4) the CIS-CAT technical specification document; and (5) the CIS XML Site Adaptation Guide, a manual on how to modify and validate customized XCCDF files for use with CIS-CAT. Additional guidance and user support are provided to members via the member discussion forum and email communication with CIS staff at support@cisecurity.org. Non-members who wish to learn more about membership and obtaining a trial use of the CIS-CAT Tool should contact Laurie Mier at lmier@cisecurity.org.

V. Other Audit Tools

In addition to CIS-CAT, CIS also distributes several other audit tools: the Router Audit Tool (RAT), the Perl tools for Unix operating systems, and the Apache Benchmark tool. CIS no longer develops, maintains or provides member support for use of these tools. They will reach end of life when the Benchmarks for which they were created become out of date and are no longer distributed.

CIS-CAT IS THE ONLY SOFTWARE TOOL THAT CIS CONTINUES TO DEVELOP AND SUPPORT.