How CIS-CAT Scanning Protects Your Information

Configuring your company’s software to protect your sensitive data requires more than simply installing those programs and going with the default settings. 

Security is absolutely vital to any company, regardless of its size or how much data it takes in. While using basic firewalls, password-protected databases, and other security systems is a great place to start, you also have to make certain those programs and more are properly configured for your network. 

This is why many local companies look to partner with a Los Angeles IT support company for CIS-CAT Scanning. 

Be Structured Technology Group understands how to configure a wide range of programs for many different technologies.

CIS-CAT Scanning For Security Configuration

How do you know if your programs aren’t configured correctly? 

One solution is to make use of CIS-CAT Scanning. 

The Center for Internet Security (that’s the CIS part of the name) created CIS-CAT Scanning to make it simple for companies to find the best security configuration for all of their tools. The program comes in a number of different versions, including the free CIS-CAT Lite option.

CIS-CAT Scanning Basics

Regardless of which version of CIS-CAT Scanning you use, the basic functionality is the same. 

The program will scan your system and create a list of the different programs and applications you have. Then it will search its catalog for the optimum benchmark security settings for those programs, comparing these benchmarks with your current settings. 

It then ranks how well your settings match these optimal ones, scoring your system from 0 to 100. Finally, CIS-CAT Scanning provides you with a list of recommendations you can implement to improve your compliance and, thus, improve your Internet security.


CIS-CAT Lite is the free version of CIS-CAT, and it comes in two versions: v3 and v4. Both of these versions are available to use for free and will scan your system to compare your security settings with those determined to be benchmarked. You’ll receive a score for each setting and recommendations on how to improve those scores. 

The Lite versions cover a number of programs and operating systems, including Mac OS, Ubuntu, Google Chrome, and Windows 10, though the versions covered by Lite do change periodically. This version is more limited than CIS-CAT Pro, but it can be a good place to begin learning about this tool and what it can do for you. 

For those on a budget, the cost of working with expert outsourced tech support companies to deploy CIS-CAT can be offset by using the free Lite version.

CIS-CAT Lite Security Compliance

CIS-CAT Lite v3 features a GUI interface that focuses on scanning your local system. Select benchmarks are included in this free version. It provides evidence-based reports, unlimited scans, and will help you assess vulnerabilities. 

CIS-CAT Lite v3 is SCAP 1.2 validated, which means that it complies with the standards set out by the Security Content Automation Protocol (SCAP). SCAP standards are used to manage and measure vulnerabilities via an automated system. SCAP is also designed to make certain businesses are in compliance with specific security policies such as the Federal Information Security Management Act of 2002. While it may be less powerful than the pro versions of CIS-CAT Scanning, it can be a good place to start in your security penetration testing.

CIS-CAT Command-Line Interface

CIS-CAT Lite v4, on the other hand, does not have a GUI at all. It’s a command-line interface only. However, this means it includes the command-line controls assessment module. 

This module allows you to scan both your local system and other systems remotely via a semi-automated setup. It also provides access to the v7.1 implementation group 1, which is considered the best practice standard for cybersecurity in Windows 10. In addition to remote access, this version includes everything that Lite v3 has as well as the ability to access multiple computers at once via centralized workflows.


CIS-CAT Pro is the more robust version of CIS-CAT. Unlike the Lite options, however, it does require a yearly subscription fee. There are several licensing options, including membership for academic institutions, nonprofits, government organizations, product vendors, and other companies.


Like CIS-CAT Lite, there are two versions of Pro: v3 and v4. Pro v3 supports more than 90 different CIS benchmarks. It’s SCAP 1.2 validated, and it offers both the GUI and the command-line interfaces. However, it does not include the command line controls assessment module. 

Like the Lite versions, Pro v3 provides a score of 0-100, reports, unlimited scans, and recommendations to improve security vulnerabilities. Additional features include measuring your defenses against additional SCAP content, various customization options, access to benchmarks in OVAL, XCCDF, and XML, and reports in different formats other than HTML.

 You can also access multiple computers at once like you can with Lite v4.

CIS-CAT Pro v4

With CIS-CAT Pro v4, you get access to more than 65 different CIS benchmarks. However, Pro v4, like Lite v4, is command-line only. This means it does include the controls assessment module. It also offers remote access and everything else offered in Lite v4 and Pro v3. CIS-CAT Pro v4 is the complete option with everything available in every other version.

CIS-CAT Scanning Enrollment is Simple

To get access to CIS-CAT Lite (either version), all you need to do is visit the CIS website and download it. You’ll need to fill out a short form about yourself and your company first, but after that, you’re free to use the Lite version for as long as you like.

Enrolling in CIS-CAT Pro, on the other hand, does involve a little more work. You will need to apply for CIS SecureSuite Membership. There are two categories to choose from. The first is for companies that plan on only using CIS-CAT Scanning themselves. This includes nonprofits, academic institutes, government offices, and single end-users. 

The second category is for consultants, vendors, and service providers that will use CIS-CAT Pro both internally and externally.

CIS-CAT Subscription

The subscription fee also depends on the number of employees who are in your company. For companies that will use CIS-CAT internally, there’s a sliding scale fee. 

Smaller businesses will pay less than large corporations. This scaling price allows these smaller or newer companies to still take advantage of what CIS-CAT Pro offers without causing financial stress. Companies can also lock in their yearly rate by paying for up to three years at once.

For consulting and other internal/external use companies, the annual membership fee is determined by their annual revenue. Companies that make more than a billion dollars every year will pay the highest amount, while those that make under one million annually will pay the lowest fee. 

Individuals can also purchase a membership for a lower rate than businesses would. 

Finally, an annual consulting engagement membership is also an option. This limited membership provides access to CIS-CAT Pro Accessor for 30 days and is designed for consultants such as a an outsourced company that handles managed service provider in Los Angeles that includes security services like CIS-CAT to their clients.

If you’re working with Be Structured to handle the deployment of CIS-CAT, you won’t have to worry about any of this. We will handle determining the correct category for your company and include the cost of CIS-CAT Pro with our full solutions package. 

This option is often the best for those who aren’t comfortable handling software installation or security solutions. Having a Managed Service Provider take on your CIS-CAT Pro management allows you to relax while knowing your system’s security is in good hands and that you don’t have to devote your own time to handing CIS-CAT yourself!

How Does CIS-CAT Scanning Help Businesses?

It’s not always easy to know how to perfectly configure each program for maximum security. Even those with years of IT training may find that they’re not using the best practices for a specific program. CIS-CAT Scanning helps you improve your security by scanning your entire network and highlighting where any such vulnerabilities are.

Understanding Your Applications

Why is it important to understand how to configure your applications? If your security isn’t configured correctly, it can open up small vulnerabilities in your system. 

It might not seem like a major issue, but one small security vulnerability in something like your system settings or your password policy could be exploited by an expert hacker. You can never underestimate these people. Even the smallest opening can be all they need.

Understanding Your Security Settings

It’s also important to realize that your security settings aren’t always set in stone. While you may have everything locked down in the beginning, your network is often changing. You may add in more computers, another server, expand your cloud, or install a number of new apps your employees need. 

Each of these changes can change your security settings, especially if you bring in a new program that needs to interface with an older one. If these two applications aren’t fully compatible, you may have to create a work-around that isn’t as secure as it should be.

Optimal Efficiency of Your Network

To keep your security settings at their optimal efficiency, you need to be scanning your network regularly. While a small change may not seem like it would do much, it can set off an avalanche that can result in some of your most important security settings being lowered or turned off completely. 

Using CIS-CAT Scanning will prevent these little changes from becoming major issues. All versions of the program offer unlimited scanning, so you can continue to check your system as often as necessary. While you may not need to do so daily, you should make it a point to scan your system regularly and to scan it after any change in machinery or software.

Focusing Your Security Efforts

CIS-CAT Scanning Provides Compliance and Security While Remaining Affordable and Agile

While CIS-CAT Scanning may not be an actual security program, don’t underestimate how much it can help you keep your system protected. Understanding where your vulnerabilities are is one of the most important steps in securing your network. 

By comparing your system to those designed at benchmarks, you’ll see where exactly you need to focus your efforts. That can be invaluable as it means you’ll be able to direct your time, money, and other resources to the areas that need the most work.

CIS-CAT Compliance Scanning

In addition to helping you improve your security, CIS-CAT Scanning also includes compliance. As mentioned earlier, it is SCAP 1.2 validated, so it checks security settings to make certain they comply with various national and international best practices standards. 

Some businesses, particularly those in healthcare or that work with government agencies, must be compliant with these standards to avoid fines or loss of contracts. 

This tool will also help vendors who must be PCI compliant. Anyone who takes credit cards should meet these requirements in order to ensure their customers’ private financial data can’t easily be stolen. 

These best practices are designed to protect data as much as possible, so matching or even surpassing them should be your goal.

Scalable Pricing

By making the annual fee dependent on the number of employees in the company or on the annual income, the Center for Internet Security has made sure that CIS-CAT Pro is affordable for businesses of all sizes. 

Even those new or very small businesses that aren’t able to work in the cost of CIS-CAT Pro into their budgets just yet can make use of the protections the Lite versions offer. This means there’s no reason a business shouldn’t have some version of CIS-CAT running.

Let An Expert IT Support Company in Los Angeles Help You with CIS-CAT Scanning Enrollment

If you haven’t used any version of CIS-CAT Scanning yet, it’s time to add it to your list of security programs. 

Be Structured Technology Group offers CIS-CAT consulting to Los Angeles based businesses of all sizes in every city in SoCal. So whether you need IT support in Culver City or IT services in Burbank We’re here to assist you in installing the Lite versions of CIS-CAT and in enrolling in CIS membership to purchase the Pro version.

What Are You Doing To Protect Your Network?

Be Structured helps you formulate concrete answers to questions like this.

Protect Your IT Assets With CIS-CAT Scanning

Are You At Risk For A Cyber Attack? 

Ninety-five percent of network security breaches are due to human error. 

Empowering your team with the knowledge and skills to identify cybersecurity threats is essential to keeping your network protected. After all, a team of cybersecurity experts can only protect your network so much; at a certain point, it’s up to your everyday users to sidestep threats before they cripple your network. That’s where cybersecurity awareness training, such as phishing email training from Be Structured, comes into play.

The first step to cultivating a culture of cybersecurity awareness is simply to inform your team about the reality of cyber threats. As new threats emerge, it’s critical to provide ongoing training that helps employees spot threats and avoid them. Phishing email training is one of the most straightforward ways of accomplishing this goal. When you partner with Be Structured, it’s easy to ensure your team stays one step ahead of cybercriminals by automating ongoing phishing attacks.

Phishing email training automatically sends team members simulated phishing attacks on an ongoing basis. Your team will be able to report the email as phishing or, if caught unaware, click on one of the links. If they report the email, they’re congratulated and notified that it was a simulated attack. If, however, they fall victim to the simulated attack, they’re required to complete an additional security awareness training course online to bolster their awareness. Read more about Antivirus and Antimalware here.

Comprehensive Cybersecurity Solutions

When you partner with Be Structured, we secure your network with a comprehensive cybersecurity platform that protects every level of your operations. Our approach includes the latest network security strategies like dark web scanning and phishing email training, all for one fixed monthly price.

With Be Structured overseeing your larger cybersecurity needs and threats, you can be confident you’re staying ahead of the latest developments in the industry while preparing for the challenges of tomorrow. As part of our cybersecurity package, we protect you from external threats such as data breaches and unauthorized access to your network, while also guarding against internal threats with disaster recovery solutions.

Los Angeles IT Support

If you’re ready to take a more proactive approach to cybersecurity, you need a team of experts developing and overseeing your overarching security roadmap. 

Be Structured has the experience and skills to develop customized cybersecurity strategies around your unique operations. We’ll work with you to assess your team’s workflows from the inside out and keep you protected from internal and external threats. 

Get in touch with our team today to start exploring how much your cybersecurity platform can be doing to protect your bottom line and mission-critical data.

Contact us today to discuss why CIS-CAT Scanning is a great option for your company and how Be Structured can help you achieve your security goals.