CIS-CAT for U-M Systems

ITS Information Assurance (IA) recommends that you begin the process of hardening university servers, workstations, or databases by running the Center for Internet Security's Configuration Assessment Tool (CIS-CAT). The tool will scan your system, compare it to a preset benchmark, and then generate a report to help guide hardening efforts.

U-M units are free to use any of the CIS tools provided by IA on their U-M systems. CIS-CAT may also be used on personal systems that are used for university business.

IA recommends units achieve 80% compliance or better with the benchmark for any given system.

CIS-CAT does not check for compliance with federal and state laws and U-M policies and standards regarding specific types of sensitive data. If your systems contain sensitive regulated U-M data, you are also required to meet any additional legal, contractual, or policy requirements for that data, regardless of how your system scores against the CIS-CAT benchmarks.

If you can't run CIS-CAT on your system or meet a benchmark: If you cannot run CIS-CAT on a particular system, or you are unable to get a passing score of 80% or better or complete a required hardening item, please contact IA through the ITS Service Center for assistance.

IA provides Group Policies to help secure Windows systems. These Windows Group Policies may be helpful to Windows administrators in reaching the recommended CIS-CAT score. See Group Policy Resources for IT Security for instructions and best practices for using the IA-provided policies.