CIS-CAT for U-M Systems

Information Assurance (IA) recommends that you begin the process of hardening university servers, workstations, or databases by running the Center for Internet Security's Configuration Assessment Tool (CIS-CAT). The tool will scan your system, compare it to a preset benchmark, and then generate a report to help guide hardening efforts.

IA provides a UM-specific modified version of the CIS-CAT tool, as well as other related CIS tools, which can be downloaded and used on any system that is used for university business. For CIS-CAT download information and directions specific to U-M's version, see:

U-M units are free to use any of the CIS tools provided by IA on their U-M systems. CIS-CAT may also be used on personal systems that are used for university business.

IA recommends units achieve 80% compliance or better with the benchmark for any given system.

CIS-CAT does not check for compliance with federal and state laws and U-M policies and standards regarding specific types of sensitive data. If your systems contain sensitive regulated U-M data, you are also required to meet any additional legal, contractual, or policy requirements for that data, regardless of how your system scores against the CIS-CAT benchmarks.

If you can't run CIS-CAT on your system or meet a benchmark: If you cannot run CIS-CAT on a particular system, or you are unable to get a passing score of 80% or better or complete a required hardening item, please contact IA through the ITS Service Center for assistance.

IA provides Group Policies to help secure Windows systems. These Windows Group Policies may be helpful to Windows administrators in reaching the recommended CIS-CAT score. See Group Policy Resources for IT Security for instructions and best practices for using the IA-provided policies.