CIS-CAT Pro is a tool used to evaluate the cybersecurity posture of a system against the recommended policy settings outlined in the CIS Benchmarks. Following the release of CIS-CAT Pro Assessor v4, the Center for Internet Security (CIS) will cease support for CIS-CAT Pro Assessor v3. Its final release will occur in November 2021.
What End of Life Means for Assessor v3
CIS will stop delivering and supporting CIS-CAT Pro Assessor v3. Version 3.0.76 will mark the final delivery of this tool. This release also contains updated third-party dependencies to resolve security vulnerabilities. See our knowledge base article for more information on security risk.
Changes in the Final Release
This final release of CIS-CAT Pro Assessor v3 requires Java 8, provided by a Java Runtime Environment (JRE), Java Development Kit (JDK), or OpenJDK distribution. We have updated the third-party libraries that support assessor activities in this release, and these updates require Java 8 at a minimum.
The Assessor v3 dissolvable version has been updated to operate with Java 8.
Still Need Assessor v3?
CIS-CAT Pro Assessor v3 will remain available until November 2022.
The CIS Support Team will assist CIS SecureSuite Members with questions regarding the availability of the tool, but will no longer offer support on the function of the tool.
Read about Assessor v3’s limited use guidelines in our knowledge article.
Assessor v3 and CIS Benchmarks
Assessor v3 will include CIS Benchmarks officially supported for use with this final version. Future and past CIS Benchmark versions for the technologies supported by Assessor v3 may work with the final tool version, but are not guaranteed and should be used at the Member’s discretion.
Members requiring the ability to assess against older Benchmarks that aren’t supported in Assessor v4 can continue to utilize v3 until the Benchmark is supported in v4 or reaches its end of life (HP UX, Cisco ASA Firewall, Oracle Solaris OS, IBM AIX). If Member demand supports the need for the tool to support these CIS Benchmarks after November 2022, CIS will evaluate extending the availability date.
Other Assessor v3 Functions
Members are advised to no longer utilize Assessor v3 for vulnerability assessments. Since Assessor v3 will not be updated monthly with new CVE information, its vulnerability data will quickly go out of date. Members are encouraged to utilize Assessor v4 for vulnerability assessments going forward.
CIS-CAT Pro Assessor v3 is a Security Content Automation Protocol (SCAP) validated tool. Members requiring some use of a NIST-validated tool can continue to use Assessor v3 when necessary. CIS-CAT Pro Assessor v4 is architected in compliance with SCAP, but has not yet been formally SCAP-validated. CIS currently plans to pursue SCAP 1.3 validation for CIS-CAT Pro Assessor v4 in 2022.
The Assessor v3 dissolvable bundle includes Java version 8 in this final release. With CIS-CAT Pro Assessor v4, we plan to offer an embedded Java for command line activities in 2022.
Still have questions?
Join the CIS-CAT Discussion Community on CIS WorkBench and start a discussion! Reach out to CIS Support and ask for the feedback ticket to be directed to the CIS-CAT Product Owner.
Where to Get CIS-CAT Pro Assessor
CIS-CAT Pro Assessor and Dashboard save you hours of configuration review by scanning against a target system’s configuration settings and reporting the system’s compliance to the corresponding CIS Benchmark. These tools are available as part of a CIS SecureSuite Membership. Members can download these tools and other resources on CIS WorkBench.
Not a Member yet? Learn more about CIS-CAT Pro Assessor at one of our free webinars.
You can also try CIS-CAT Lite v4 at no cost.