Carnegie Mellon University
Computing Services  ›  Information Security Office  ›  Technical Services  ›  CIS Membership

The Information Security Office has purchased a year membership to CIS SecureSuite for use by the entire University community, including staff, faculty, and students.

CIS SecureSuite allows access to the CIS Benchmarks for hundreds of products, including all major operating systems and server software (Apache, IIS, Tomcat, etc.).  Our membership allows us to customize those benchmarks for our use.  CIS-CAT Lite allows you to evaluate a system against the benchmarks, and it tells you how well the system meets the CIS Benchmarks.  CIS-CAT Pro Dashboard allows you to aggregate that information in one centralized system to manage an entire set of systems, such as for your department.  It allows you to see at a glance compliance with the CIS Benchmarks (or the benchmarks as edited for your environment).

In addition to the Benchmarks themselves, some benchmark communities have provided scripts to automatically configure a system or tool to meet the Benchmarks.  These are called "Remediation Kits".  Not all systems or tools have a Remediation Kit, but it can be extremely useful where they do exist.

The ISO recommends the default CIS Benchmark for configuration standardization across all University owned and managed systems.  With input from the community, the ISO will release a tailored benchmark if the default does not meet the needs or realities of CMU.   If a standard (non-tailored) benchmark does not work for your environment, please contact iso@andrew.cmu.edu with concerns and areas where the default benchmark does not work for your environment.

There are recorded webcasts available in the downloads area with more information on how to use CIS SecureSuite. 

To Sign Up

Go to https://workbench.cisecurity.org and click on "Register Now".  You must use your @andrew.cmu.edu e-mail address, not your CMUName (@cmu.edu).  Please select a different password than your Andrew ID.  If you need help remembering multiple passwords, consider using a password manager

Downloading Tools

All Tools and completed benchmarks and remediation kits will be under the "Download" tab once you've logged in to Workbench.

Links