CIS-CAT Pro Dashboard Change Log


3.5.0

May 15, 2024

Benchmarks

  • Azure Kubernetes Service (AKS) v1.5.0
  • Cisco iOS XE 16 v2.1.0
  • Cisco iOS XE 17 v2.1.0
  • Debian Linux 11 v2.0.0
  • Debian Linux 12 v1.0.1
  • Kubernetes v1.9.0
  • Microsoft Intune for Windows 10 v3.0.1
  • Microsoft Intune for Windows 11 v3.0.1
  • Microsoft Windows 10 Standalone v3.0.0
  • Microsoft Windows 10 Enterprise v3.0.0
  • Microsoft Windows 11 Enterprise v3.0.0
  • Microsoft Windows Server 2016 v3.0.0
  • Microsoft Windows Server 2019 v3.0.0
  • Microsoft Windows Server 2022 v3.0.0
  • Ubuntu Linux 18.04 LTS v2.2.0
  • Ubuntu Linux 22.04 LTS v2.0.0

Security

  • Resolved security vulnerabilities present in embedded, third party dependencies:
    • spring-security-core to v5.8.12
    • spring-web to v5.3.34
    • nimbus-jose-jwt to v9.37.3
    • jakarta.el-api to v6.0.0
    • htmlunit to v4.1.0
    • neko-htmlunit to v4.1.0
    • htmlunit-core-js to v4.1.0
    • htmlunit-cssparser to v4.1.0
    • Removed several dependencies that were no longer needed

Application

Bug Fixes

  • Fixed a bug that cleared Advanced Email Settings during email configuration updates under certain circumstances.

3.4.0

February 6, 2024

Benchmarks

  • Amazon Linux 2 v3.0.0
  • Amazon Elastic Kubernetes Service (EKS) v1.4.0
  • CentOS Linux 7 v4.0.0
  • Google Chrome (GPO) v3.0.0
  • Google Kubernetes Engine (GKE) Benchmark v1.5.0
  • Microsoft Intune for Office v1.0.0
  • Microsoft Intune for Windows 10 v2.0.0
  • Microsoft Intune for Windows 11 v2.0.0
  • Microsoft Windows Server 2019 STIG v2.0.0
  • Microsoft Windows Server 2019 Standalone v1.0.0
  • Microsoft Windows Server 2022 STIG v1.0.0
  • Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) Benchmark v1.4.0
  • Oracle Linux 7 v4.0.0
  • Red Hat Enterprise Linux 7 v4.0.0
  • Red Hat OpenShift Container Platform v4 v1.5.0
  • 11 existing Benchmarks signed with updated certificates (no change was made to the Benchmark content itself)

Security

  • Resolved security vulnerabilities present in embedded, third party dependencies:

    • bouncycastle to v1.77
    • tomcat-embed.core and websocket to v9.0.83
    • spring-boot libraries to v2.7.18
    • logback-classic and core to v1.2.13
    • jackson-databind to v2.16.0
    • various Grails libraries to v6.1.1
    • chart.js to v3.0.0
    • snakeyaml to v2.2
    • netty to v4.1.105.Final
    • ion-java to v1.11.1
    • htmlunit to v3.10.0
  • The SMTP, SSL, and LDAP passwords stored in the configuration file that supports Dashboard are now obfuscated

Application

  • The configuration assessment screen is now consistent with the exported HTML report when exceptions are applied
  • Resolved an issue where a target screen would not display when using v2 of the SecureSuite license.

Documentation

  • The README.txt file was updated to record suppressed third party dependent library vulnerabilities.

3.3.0

October 30, 2023

Benchmarks

  • AlmaLinux OS 8 v3.0.0
  • Apple macOS 11 v4.0.0
  • Apple macOS 12 v3.0.0
  • Apple macOS 13 v2.0.0
  • Apple macOS 14 v1.0.0
  • Debian Linux 11 STIG v1.0.0
  • Kubernetes v1.8.0
  • Microsoft Edge Benchmark v2.0.0
  • Microsoft IIS 10 v1.2.1
  • Microsoft Office Enterprise v1.1.0
  • Microsoft Windows Server 2012 v3.0.0
  • Microsoft Windows Server 2016 STIG v2.0.0
  • Microsoft Windows Server 2012 R2 v3.0.0
  • Oracle Linux 8 v3.0.0
  • Red Hat Enterprise Linux 8 v3.0.0
  • Rocky Linux 8 v1.1.0
  • Ubuntu Linux 20.04 LTS STIG v2.0.0

The following CIS Benchmarks have been archived and are no longer officially supported. See the Coverage Guide for more information on CIS Benchmarks that have been archived. The “archive” terminology replaces the previous "end of life" terminology when referring to CIS Benchmarks removed from CIS-CAT.

  • Aliyun Linux 2
  • CentOS Linux 6
  • Debian 9
  • Fedora 19
  • Oracle Linux 6
  • Red Hat Linux 6
  • Ubuntu 14.04
  • Ubuntu 16.04

Security

  • Resolved security vulnerabilities present in embedded, third party dependencies:
    • tomcat-embed.core and websocket from 9.0.76 to 9.0.82
    • okio-jvm (2.8.0 to .4.0)
    • spring-security-core (5.7.8 to 5.7.10)
    • spring-security-crypto (5.7.8 to 5.7.10)
    • spring-security-ldap (5.7.8 to 5.7.10)
    • spring-security-web (5.7.8 to 5.7.10)
    • Netty updates (buffer, codec, common, handler, resolver, transport) v4.1.74 to 4.1.99
    • Jetty updates (client, http, io, util, websocket-client, websocket-common) v9.4.51 to 9.4.53

Application

  • The database password stored in the configuration file that supports Dashboard is now obfuscated
  • The Standard upgrade process for Ubuntu Linux and Microsoft Windows now offers a non-interactive method, which benefits Members who want automated processes to complete upgrades. See the instructions for Microsoft Windows and Ubuntu Linux.
  • Exported HTML reports now reflect excepted CIS Benchmark recommendations as “Excepted”. Scores are adjusted on the report to coincide with screen view scores.
  • Configuration assessment screens are now updated on upgrade to represent newly imported CIS Benchmark recommendations that are intentionally not mapped to a CIS Critical Control as “Explicitly Not Mapped”
  • CIS-CAT Assessor license validator updated to be compatible with new CIS formats in addition to previous formats

Documentation

  • The README.txt file was updated to record suppressed third party dependent library vulnerabilities.

3.2.0

August 1, 2023

Benchmarks

  • AKS-Optimized Azure Linux 2 v1.0.0
  • Amazon Linux 2023 v1.0.0
  • Amazon Elastic Kubernetes Service (EKS) v1.3.0
  • Azure Compute Microsoft Windows Server 2019 v1.0.1
  • Azure Kubernetes Service (AKS) v1.3.0
  • Debian Linux 10 v2.0.0
  • Docker v1.6.0
  • Google Kubernetes Engine (GKE) v1.4.0
  • Kubernetes Benchmark v1.7.1
  • Microsoft Windows 10 Standalone v2.0.0
  • Microsoft Windows 11 Standalone v2.0.0
  • Microsoft Windows Server 2016 v2.0.0
  • Microsoft Windows Server 2019 v2.0.0
  • Microsoft Windows Server 2022 v2.0.0
  • Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) v1.3.0
  • NGINX Benchmark v2.0.1
  • Red Hat OpenShift Container Platform v4 v1.4.0
  • Ubuntu Linux 20.04 LTS v2.0.1

Security

  • Resolved security vulnerabilities present in embedded, third party dependencies:
    • Spring Security Framework updates (spring-security-core, spring-security-ldap, spring-security-web, spring-security-crypto, etc.) v5.3.26/5.7.5 to 5.3.27/5.7.8
    • Spring Boot dependencies from 2.6.4 to 2.7.12.
    • jetty-client, jetty-http, jetty-io, jetty-util v9.4.49 to v9.4.51
    • websocket-client, websocket-common v9.4.49 to v9.4.51
    • tomcat-embed.core and websocket from 9.0.73 to 9.0.75
    • htmlunit libraries from 2.61.1 to 2.70.0
    • guava (now 32.0.1) and tomcat-embed.x (now at 9.0.76)
    • com.h2database: h2 2.1.210 to 2.2.220
    • xalan: xalan 2.7.2 to 2.73
    • org.codehaus.janino: commons-compiler 3.1.6 to 3.1.10
    • org.codehaus.janino: janino 3.1.6 to 3.1.10

Application

  • An issue has been resolved with latency on all screen loads upon initial installation and server restart.
  • Screen and HTML reports updated to represent CIS Benchmark recommendations intentionally not mapped to a CIS Critical Control as “Explicitly Not Mapped”
  • The Linux installation and upgrade final steps have been improved

Documentation

  • Revised LDAP instructions in the Windows Installation Guide to include an example on options to add a search filter to restrict Dashboard access to only selected users
  • Software Bill of Materials files have been renamed to SBOM_CIS_CAT_Pro_Dashboard
  • CIS-CAT Pro Dashboard’s software bill of materials (SBOM) is now available for download on CIS WorkBench separately in addition to within the release bundle.
  • The README.txt file was updated to record suppressed third party dependent library vulnerabilities.

3.1.0

April 24, 2023

Benchmarks

  • Azure Compute Microsoft Windows Server 2022 v1.0.0
  • Cisco iOS 16 v2.0.0
  • Cisco iOS 17 v2.0.0
  • Kubernetes v1.7.0
  • Microsoft Windows 10 Enterprise v2.0.0
  • Microsoft Windows 11 Enterprise v2.0.0
  • Microsoft Windows 11 for Intune v1.0.0

Security

  • Resolved security vulnerabilities present in the embedded, third party dependencies tomcat-embed-core and tomcat-embed-websocket. These libraries have moved to version 9.0.73.
  • Resolved security vulnerabilities present in the Commons-fileupload embedded, third party library.
  • Resolved security vulnerabilities present in embedded, third party dependency of Spring Security. This dependency has moved to v5.3.26.

Application

  • Duplicate configuration assessment result files (ARF.xml) manually placed in the “input” folder for import will no longer stall the import process and will be moved to the error folder.
  • On upgrade, an installation utilizing the HTTPS communication protocol will no longer receive a warning that port 443 is not available
  • Installation has been enhanced to include more verbose logs and more informative on-screen messaging when an installation may not complete as expected
  • On initial installation, the database password validation has been enhanced to ensure the created password matches the required format.
  • The CIS SecureSuite license process has been modified to remove the dependency on Data Exchange Layer (DXL) communication fabric
  • Increased verbosity of logging surrounding some actions
  • The base Grails framework was moved to version 5.2.4, which also upgraded dependencies such as Spring Framework.
  • The Dashboard’s service name has been modified to include an underscore, CCPD_Windows

Documentation

  • Updated the User Guide and Benchmark Coverage Guide with additional details on assessing from Dashboard with tailored benchmark content. See the User Guide and CIS Benchmark Support Guide for information on how to assess with tailored content.
  • CIS-CAT now delivers with a Software Bill of Materials (SBOM) located in the documentation directory
  • The documentation directory now contains the licenses for third party libraries utilized by CIS-CAT
  • The README.txt file was updated to record suppressed third party dependent library vulnerabilities.
  • HTTPS Certificate Trust information has been modified to include more information

3.0.1

December 21, 2022

Benchmarks

  • Alma Linux 9 v1.0.0
  • Microsoft IIS 10 v1.2.0
  • Microsoft Office Enterprise v1.0.0
  • NGINX v2.0.0
  • Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) Benchmark v1.2.0
  • Oracle Linux 9 v1.0.0
  • Red Hat OpenShift Container Platform v4 v1.3.0
  • Rocky Linux 9 v1.0.0

The following CIS Benchmarks included in CIS-CAT Pro Dashboard have moved to end of life and are no longer officially supported. See the Assessor Coverage Guide for more information on CIS Benchmarks that have reached end of life.

  • Amazon Linux v2.0.0

Security

  • Resolved security vulnerabilities present in embedded, third party dependencies. Please see the related knowledge base article for more information.

Application

  • none

Documentation


3.0.0

December 12, 2022

Read our blog to learn more about these changes.

Benchmarks

Security

  • The ccpd-config.yml (stored in “conf” folder) supporting the CIS-CAT Pro Dashboard operation now limits read/write privileges to only privileged Microsoft Windows or Linux users.

Application

  • System requirements for installation modified to require and support only
    • One Dashboard Host server: Ubuntu Linux 20.04 OR Microsoft Windows Server 2016/2019
  • Downloaded file changed:
    • Microsoft Windows: CIS-CAT-Dashboard-v3.0.0-windows.zip
    • Ubuntu Linux: CIS-CAT-Dashboard-v3.0.0-linux.zip
  • Installation process streamlined:
    • All standard components embedded (Database - MariaDB, JRE - openJDK 8, Tomcat 9)
    • Valid CIS SecureSuite license required. Alerts when license not valid (expired/null)
    • Standard (minimum - streamlined) or Custom (advanced options) installation options
    • Options within the installer to generate a self-signed certificate to support HTTPS
    • Port availability validation of required installation ports based on selected options (Ex: 8080, 443, 3306, etc.)
  • The configuration assessment import process has been significantly improved. On average, configuration reports will import in less than 30 seconds.
  • LDAPS, which allows for encryption of LDAP data such as user credentials, is now supported for Active Directory services.
  • Single system remote assessment functionality is now embedded as a standard feature (replaces the deprecated Assessor v4 Service). Currently supported only for SSH and Microsoft Windows over HTTP. See how to configure target endpoints with WinRM over HTTP.
  • Dashboard functions to support vulnerability assessment have been removed. CIS-CAT now exclusively performs and supports configuration assessments primarily for CIS Benchmarks with automated assessment content. Please see our knowledge base article for more information.
  • Integration with CIS WorkBench has been temporarily disabled in version 3 of Dashboard. This feature will return in 2023 and will coordinate with the new Dashboard retrieval method in CIS WorkBench.

Documentation

  • Updated all installation requirements and instructions
  • The README.txt has been updated to represent Dashboard v3.0.0 information

Archive - Version 2.x


CIS-CAT Pro Dashboard v2.3.2 - FINAL version 2 series.

November 15, 2022

Due to critical security vulnerabilities in the end of life CIS-CAT Pro Dashboard version 2 and the availability of version 3 (planned December 2022), CIS has released one last version of Dashboard version 2 series. CIS understands that some organizations will need time to adopt version 3 of Dashboard when it becomes available in December 2022. There have been no changes to the Deployment or User Guides.

Version 2.3.2 will be the final release of CIS-CAT Pro Dashboard version 2 series. Dashboard version 3.0.0 will replace the 2.x versions in early Q4 2022, but will not be backwards compatible. A clean install of Dashboard version 3.0.0 will be required as there will be no upgrade or data migration options available from any previous 2.x version.

Read our knowledgebase article to learn more.

Application

  • N/A

Security

  • Resolved security vulnerabilities present in embedded, third party dependencies. Please see the related knowledge base article for more information.

Documentation

  • N/A

CIS-CAT Pro Dashboard v2.3.1

September 21, 2022

Version 2.3.1 will be the final release of CIS-CAT Pro Dashboard version 2 series. Dashboard version 3.0.0 will replace the 2.x versions in early Q4 2022, but will not be backwards compatible. A clean install of Dashboard version 3.0.0 will be required as there will be no upgrade or data migration options available from any previous 2.x version.

Read our knowledgebase article to learn more.

Application

  • Palo Alto configuration assessment reports now import successfully.

Security

  • Resolved security vulnerabilities present in embedded, third party dependencies. Please see the related knowledge base article for more information.

Documentation

  • Updated Deployment and User Guides to include End of Life information.

CIS-CAT Pro Dashboard v2.3.0

May 3, 2022

Application

  • Configuration exceptions in Approved status where a Target Primary ID is present can now be edited by a user assigned ROLE_ADMIN from the Configuration Exception Search page under the Reports Menu. Upon submission, configuration report scores will be recalculated. Edits do not require exception workflow approval and will be effective immediately.

Security

  • Resolved security vulnerabilities present in embedded, third party dependencies. Please see the related knowledge base article for more information.
    • Upgraded the Grails Framework from v4.0.11 to v5.1.7, which facilitated the upgrade of vulnerable Spring Framework libraries

Documentation

  • Updated User Guide to include information on how to edit an exception.

CIS-CAT Pro Dashboard v2.2.6

April 5, 2022

Application

  • None

Security

  • Resolved security vulnerabilities present in embedded, third party dependencies. Please see the related knowledge base article for more information.

Documentation

  • None

CIS-CAT Pro Dashboard v2.2.5

March 22, 2022

Application

  • Improved the assessment report import duration when low score alerts are utilized.
  • CVE and CVSS data from the National Vulnerability Database (NVD) for 2022 are now available to support the CIS-CAT Assessor vulnerability reports. Be sure to update the NVD data from the Dashboard menu.

Security

  • The README.txt file now contains information about third party dependent libraries that may appear on vulnerability reports.

Documentation

  • None

CIS-CAT Pro Dashboard v2.2.4

February 17, 2022

Application

  • Resolved an issue where importing assessment reports took an excessive amount of time. The import process speed has been improved.
  • Corrected an export error for the configuration report XML format.

Security

  • Resolved security vulnerability present in embedded, third party dependencies.

Please see the related knowledge base article for more information regarding the security updates.

Documentation

  • The Dashboard Windows Configuration Guide has been updated with working links in the "Creating a Self-Signed Certificate using Windows Powershell" section

CIS-CAT Pro Dashboard v2.2.3

December 7, 2021

Application

  • None

Security

  • Resolved security vulnerabilities present in framework dependencies:
    • Bootstrap
    • jQuery
    • jQuery UI

Please see the related knowledge base article for more information regarding the security updates.

Documentation

  • Updated the Windows and Linux Deployment Guide to remove Assessor v3 integration instructions.

CIS-CAT Pro Dashboard v2.2.2

November 9, 2021

Application

  • None

Security

  • Dashboard users are now limited to:
    • Modifying only their own Alert Opt In/Opt Out settings
    • Deleting their own Alert messages
    • Adding/deleting their own favorites (e.g., favorite Benchmark on the Benchmark View graph)
  • Resolved security vulnerabilities present in one embedded, third party dependency.

Please see the related knowledge base article for more information regarding the security updates.

Documentation

  • None

CIS-CAT Pro Dashboard v2.2.1

September 23, 2021

Application

  • Resolved an issue causing some assessment reports to fail to import when several reports were automatically imported via the API.
  • Configuration assessment scores correctly updated on exception approval.
  • Dashboard users with an expired password are now able to reset the password from the application.
  • Malformed files imported to the Dashboard via API will now properly move to the error folder instead of stopping additional file imports.
  • Modified the "Create New User" screen with enforcement of the required data entry.
  • Rule level details in the Configuration Assessment Difference Report can now be expanded.
  • The Dashboard installer will now continue to work with supported, stable versions of Java (JRE, JDK, openJDK) of 8 and 11.
  • Corrected an issue where a configuration result would fail to import when no system information was collected for a particular check.

Security

  • Resolved security vulnerabilities present in embedded, third party dependencies. Please see the related knowledge base article for more information.

Documentation

  • Preferred component section of the Configuration Guide specifies that if selecting components other than preferred components, OS compatibility with required components should be verified.

CIS-CAT Pro Dashboard v2.2.0

July 1, 2021

CIS-CAT Pro Updates

  • NEW report: Configuration Assessment Result Summary
    • Summary list of failing recommendations by benchmark profile and version and system count for each fail result
    • System count results for most recent result data
    • Excludes excepted results
    • Export target details for selected report results to csv format
  • CIS Controls V8 Support
    • Views no longer display CIS Controls V6 as V6 has reached end of life
    • Configuration assessment views include Controls V8 reference when present on CIS Benchmarks. All CIS Benchmarks published after May 18, 2021 will include Controls V8 reference. Follow the CIS-CAT Pro Assessor v4 Change Log for new Benchmark versions.
    • Previously imported CIS official Benchmarks released in CIS-CAT Pro Assessor v4.7.0 will now show Controls 8 cross references to recommendations in the Controls View of a single assessment result.
  • Dashboard Installer updated to generate configuration file consistent with Oracle database 12c, 18c, 19c support (10c dialect removed and replaced with 12c)
  • Resolved error for Assessment result import for supported Oracle databases
  • The configuration assessment import process now correctly stores complex results enabling full display of result evidence when viewing a configuration assessment. Effective on new imports with Dashboard v2.2.0+.
  • Additional verification added to ensure each user can only change their own password in the user profile.

Documentation Updates

  • Deployment Guide updates
    • Windows and Linux Deployment guide indicates load balanced configurations are not currently supported.
    • Oracle database supported versions as a database component for Dashboard include 12c, 18c, and 19c.
  • Updated Windows Deployment Guide to indicate supported OS includes Windows 2019
  • Updated Linux Deployment Guide to indicate supported OS includes Ubuntu 18.04

CIS-CAT Pro Dashboard v2.1.0

April 14, 2021

CIS-CAT Pro Updates

  • Resolved an error with Active Directory and LDAP integration when using Dashboard v2.1.0+.
  • Improvements to HTML exported reports for an individual configuration report
    • Now consistent with Assessor v4 HTML format
    • Advanced evidence available in the report when results imported to Dashboard in versions 2.1.0+ (reports for assessment results imported prior to version 2.1.0 will be in old format)
    • Imported configuration results to Dashboard version 2.1.0+ now compressed and stored to enable fast HTML export without error
    • Configuration results utilizing CIS' proprietary Embedded Check Language (ECL) AND imported prior to Dashboard version 2.1.0 are not supported (results from benchmarks where there is an absence of "oval" or "xccdf" in the filename)
  • Assessment results will now import successfully to Dashboard when MAC addresses are > 60 characters, which adds support for InfiniBand devices.
  • Configuration assessment result screen now correctly includes "unknown" and "error" results. Views streamlined and help text added.
  • Improved web application security by removing unneeded menu items, such as the Collections menu.
  • Security access for Dashboard users streamlined to include 3 security roles with pre-defined functional access.
  • Resolved issue with display of Target System IPs in Target System search results.
  • Resolved an issue with resetting the password.
  • Target System and Benchmark View graphs updated to allow selection of the check box when choosing data to display.

Documentation Updates

  • User Guide updates
    • Updated scoring information available in guide on configuration assessment view screen. Screen shots updated to show new "unknown" and "error" columns.
    • Updated functionality on user roles
  • Updated Windows Deployment Guide to indicate supported database component now includes Microsoft SQL Server 2019 to support storage of Dashboard data.

CIS-CAT Pro Dashboard v2.0.0

January 20, 2021

CIS-CAT Pro Updates

  • Baseline framework upgrade that includes:
    • Grails v4.0.4 which includes upgrades to Spring and Spring Boot
    • Spring Security v5.1.6
  • 2021 vulnerability definitions, downloaded from NIST, are now supported.
  • New CVE definitions will now correctly attach to existing vulnerability data in the database when utilizing the "Attach CVEs to Existing Definitions" button.
  • Support and compatibility offered for Apache Tomcat 9 and Java Runtime Environment (JRE) 8 to 11.
  • Unsupported files will be moved to the error folder when manually dropped into the legacy import folder.
  • Purged assessment reports are no longer returned in assessment report result searches.

NOTE: This is a major upgrade to Dashboard. Please be sure to back up your database and deploy in a test environment. It is highly recommended to utilize the Dashboard Installer, as the format of the configuration has changed due to the Grails upgrade. Please check the Windows and Linux Deployment guides for updates to ccpd-config.yml formatting.

Documentation Updates

  • Modifications to Linux and Windows Deployment Guide
    • Application Server and Java components contain more detail
    • Support for Apache Tomcat 9 added
    • Support for Java Runtime Environment 8 through 11
    • Updated link for product support portal
    • Additional detail added to Java configuration to ensure successful report exports from the Dashboard
  • IIS configuration instructions updated to support optional authentication with CIS WorkBench for receiving in-application alerts on new CIS-CAT Pro releases.

CIS-CAT Pro Dashboard v1.1.13

May 5, 2020

CIS-CAT Pro Updates

  • Support added to facilitate import of configuration assessment results for CIS Benchmark VMware ESXi 6.7.

Documentation Updates

  • Updated Java requirements to indicate that Java 8.251+ is not supported.

CIS-CAT Pro Dashboard v1.1.12

CIS-CAT Pro Updates

  • Multi-select configuration assessment report(s) for daily delete from database.
  • In-Dashboard alerts will now occur for new versions of Assessor v4 Service.
  • Full 2020 vulnerability definitions, downloaded from NIST, are now supported.
  • Resolved error on target system delete when ad hoc assessment job records exist for deleted target.

Documentation Updates

  • Documentation and Dashboard installer updated to support recommended location of import directories as residing in the Tomcat structure.
  • User guide emphasizes the requirement of direct internet connectivity when integrated with CIS WorkBench and downloading updated NVD Data from NIST.
  • Corrected key tool file path mentioned in Linux Deployment section in guide.

CIS-CAT Pro Dashboard v1.1.11

CIS-CAT Pro Updates

  • Ability to orchestrate a remote ad-hoc assessment for an individual target system with a selected CIS Benchmark.

  • Delete buttons, such as assessment report delete, will now only allow users to click once. Deletion is assumed "in progress" when the button is disabled.

IMPORTANT: To use the remote ad-hoc assessment capability, installation of CIS-CAT Pro Assessor v4 Service v1.0.0+ is required.


CIS-CAT Pro Dashboard v1.1.10

CIS-CAT Pro Updates

  • Members now have the option to receive an in-application alert when a new CIS-CAT Pro release has been uploaded to CIS WorkBench. Requires some setup in Dashboard Setting menu to configure an integration with CIS WorkBench.

IMPORTANT: To receive new release alerts, make sure the application has write privileges to the ccpd-config.yml file.


CIS-CAT Pro Dashboard v1.1.9

CIS-CAT Pro Updates

  • The result import process has been modified to decompress and import result XML reports from CIS-CAT Pro Assessor v4 when sent via the API. Compressed reports will be sent when the Assessor v4 property is set to compress result XML reports.
  • The tag field on an individual target system is read only for users without the admin role.

Documentation Updates

  • More emphasis added on required UTF-8 encoding set for Tomcat configuration.
  • The supported version of MariaDB has been specified in the online documentation.
  • More emphasis on the type of MS SQL Server user required for Dashboard installation.

CIS-CAT Pro Dashboard v1.1.8

CIS-CAT Pro Updates

  • Support for NIST vulnerability JSON data feeds version 1.1 including the latest information. Important: because of NIST XML Vulnerability Feed retirement, import of NVD feeds in XML format is no longer supported in the Dashboard.
  • CIS Benchmark version number added to Configuration Exception Search, Individual Target - Configuration Tab, and Assessment Results List.
  • New auto complete function displays existing tags for selection in the tag field in the Exception popup and Dashboard Tag Chart.
  • Target system tag assignment is now only available to users with Admin role in individual Target screens.
  • Target Search screen now allows other criteria combination when searching by primary ID.
  • Dashboard Installer process now creates MySQL databases with UTF-8 character sets.
  • Help text added to Linux installer process regarding import folder permissions.

Documentation Updates

  • CIS-CAT Pro Dashboard Upload Report API defined. Located in Linux and Windows Deployment section as a subsection titled "Dashboard API."
  • Manual instructions for MySQL database installation updated to include accommodation for UTF-8 character sets.
  • Tomcat installation visual material now consistent with written instruction.

CIS-CAT Pro Dashboard v1.1.7

FUNCTIONAL ENHANCEMENTS

  • Enhanced process for adding and removing tags to target system allows for updates in bulk vs. single target system updates. Available on the Target search screen only to users with admin role.
  • Search by IPv4 IP range has been added to the Target search screen.
  • New autocomplete function displays existing tags in the Target search screen tag field. Enter a space to show all tags.

SYSTEM ENHANCEMENTS

  • Target system deletion is now only available to users with admin role.
  • Target System Identifier deletion, edit, and creation is now only available to users with admin role.
  • Configuration and Vulnerability assessments deletion is now only available to users with admin role.
  • Configuration assessment and difference reports now show "no collected data" in the assessment section of a recommendation when the result is 'unknown' or 'not selected'.

DOCUMENTATION UPDATES

  • Linux/Windows deployment introduction modified to clearly define CIS-Supported components required for Dashboard operation.
  • Component documentation modified to indicate official support of Google Chrome web browser for CIS-CAT Pro Dashboard.

CIS-CAT Pro Dashboard v1.1.6

SYSTEM ENHANCEMENTS

  • Supports MacOS 10.13 CIS Benchmark.
  • Updated, more consistent schema validation process upon vulnerability report import. Per existing functionality, reports failing validation will generate a Dashboard inbox alert and will be moved to the error directory.
  • New users will be assigned ROLE_USER and ROLE_BASIC_USER by default upon creation.

BUGS

  • Updated vulnerability validation process on import of a Windows 10 vulnerability assessment from CIS-CAT Pro Assessor v4.
  • Resolved error on configuration assessment report display when no evidence is collected.
  • HTML reports display 4 digit Benchmark version numbers

DOCUMENTATION UPDATES

  • Dashboard and Assessor configuration documentation updated for tool integration. Instructions in the online Dashboard documentation are now more clearly defined, with some text modified and sections of the instructions rearranged.
  • Linux Deployment instructions enhanced. Many clients required additional information regarding legacy/import folder permissions and configuration.

CIS-CAT Pro Dashboard v1.1.5

FUNCTIONAL ENHANCEMENTS

  • CIS Controls V7.0 support: For Benchmarks mapped to CIS Controls, users can view how recommendations relate to CIS Controls. See our upcoming blog to learn more.
  • The CIS-CAT Pro Dashboard's HTML report has been modified in style to match the Assessor's HTML report for consistency purposes.
  • For Dashboard Installer users, existing database settings will be detected and used instead of changed to CIS-CAT recommended settings.

SYSTEM ENHANCEMENTS

  • Oracle users upgrading from Dashboard versions prior to 1.1.3 will benefit from better database performance due to established indexing. Oracle users who have upgraded to Dashboard versions 1.1.3 or later to 1.1.5, will obtain the necessary indexes on upgrade.
  • The Installer has been whitelisted with Symantec anti-virus.

BUGS

  • Resolved an issue for SQL Server users when drilling down on the Benchmark View chart.

CIS-CAT Pro Dashboard v1.1.4

FUNCTIONAL ENHANCEMENTS

  • Installation and Upgrade Tool: A step-by-step embedded tool for the install/upgrade of dashboard that steps members through each process.
  • Graphs Viewable With or Without Internet Connectivity: CIS-CAT Pro Dashboard can now display assessment results in a graphical form whether your application server is on or off-line.

SYSTEM ENHANCEMENTS

  • MySQL database driver replaced by MariaDB driver (increased performance). IMPORTANT: in ccpd-config.yml, the driverClassName "com.mysql.cj.jdbc.Driver" needs to be replaced by "org.mariadb.jdbc.Driver". This can be done with the Installer or manually.
  • Jobs run in succession (queue) to avoid simultaneous access to the database.

BUGS

  • Fixed reset password link and password expired redirection for users using a webserver.
  • Fixed a bug when importing duplicate oval variables.
  • Fixed a bug when importing benchmark front-matter and rear-matter xml elements.

CIS-CAT Pro Dashboard v1.1.3

FUNCTIONAL ENHANCEMENTS

  • Implemented a Difference Report for comparing an assessment result with the previous assessment result.
  • Added ability to delete individual Configuration Assessments and Vulnerability Assessments.
  • Conversion abilities to convert existing data to the new data model.
  • Added ability to attach existing vulnerability assessments to NVD data updated after the import of the assessment.

SYSTEM ENHANCEMENTS

  • Performance improvements when deleting target systems.
  • Added "Attach CVEs to Existing Definitions" button on the Vulnerabilities List. This will allow NVD data to be imported after vulnerability assessments.
  • New Assessment Data Model which will offer performance improvements in: Import, Export, Delete functionality.
  • Support for WebLogic application server.

BUGS

  • Automated database changes required when updating from a version prior to v1.1.2.

CIS-CAT Pro Dashboard v1.1.2

SYSTEM ENHANCEMENTS

  • Import Performance improvements.
  • Implemented a new way to identify duplicate imports, to maintain a smaller and more accurate version of content, especially OVAL content.

BUGS

  • Fixed a bug with imports sometimes misidentifying duplicate target systems.
  • Fixed a bug with importing of older CIS content, such as AIX 6 results.

CIS-CAT Pro Dashboard v1.1.0

FUNCTIONAL ENHANCEMENTS

  • CCPD can now accept custom target system identifiers from CIS-CAT Pro Assessor. A custom element can be configured in CIS-CAT Pro Assessor to be passed to CCPD via the import functionality.
  • Group Exceptions - you can now add exceptions to entire groups or sub-groups of recommendations
  • Vulnerability Reports - you can now upload vulnerability reports from CIS-CAT Pro Assessor. These reports also have exception functionality like the configuration assessment reports.
  • Vulnerability Dashboard - you can view your vulnerability data over time using the Vulnerability Dashboard.
  • NVD Data Import - you can now import CVE and CVSS information directly from the NVD. This data is used to support vulnerability report scoring

SYSTEM ENHANCEMENTS

  • Target System UI - redesigned to better present information, including the profile level of each assessment result. Added tabs for configuration results and vulnerability results.
  • Improved performance on Complete Report and Remediation Report exports.

BUGS

  • fixed a bug from 1.0.5 where importing subsequent ARF files would create additional Target System records

CIS-CAT Pro Dashboard v1.0.5

FUNCTIONAL ENHANCEMENTS

  • Added Title information to the alert dialog
  • User Favorites - added a user favorites section where users can mark their favorite benchmarks or target systems. The Benchmark Dashboard and Target System Dashboard now use user favorites to display the options available for graphing
  • Inbox UI Improvements
    • added an All/Unread toggle to the User Inbox to easily view only unread messages.
    • added orange text to unread tasks in the User Inbox, to provide a visual distinction from other types of unread alerts.
    • added batch delete and mark read/unread to the User Inbox
  • Exception workflow - added alerting to recipient list when an exception is approved/rejected. Previously the alert would just go to the requester, now it will go to everyone on the recipient list, which can be managed in the admin section
  • added security to exception end dating to only allow ROLE_ADMIN to end date exceptions
  • Exception End date alert - recipient list will be notified when an exception is end dated

SYSTEM ENHANCEMENTS

  • Target System Primary Identification customization - added ability to customize the primary identifier used for target systems at an application level, and per target system. By default, hostname will be the primary identifier of all target systems, but you can now change to use another identifier type, such as fqdn, mac-address, or a custom identifier.

BUGS

  • fixed bug where CCPD would not run using SQL Server 2014
  • fixed missing "Back" button on Target Systems Dashboard when toggling between multi/single view
  • fixed bug preventing deletion of target systems

CIS-CAT Pro Dashboard v1.0.4.1

FUNCTIONAL ENHANCEMENTS

  • Device View Dashboard - you can now search by device, or multiple devices, instead of having them all listed.

SYSTEM ENHANCEMENTS

BUGS

  • fixed bug where viewing assessment results would make the end time on the report 12:00am
  • fixed an import bug where missing oval definitions would cause an import to fail.

CIS-CAT Pro Dashboard v1.0.4

FUNCTIONAL ENHANCEMENTS

  • Alerting functionality
    • users will now receive configurable alerts for: Test Results imported, Low Scoring Results imported, Errors importing Results
  • Exception Workflow - when an exception is created it will go into a Pending status, and a task will be created to approve/reject the exception. This defaults to users with ROLE_ADMIN, but is configurable
  • User Inbox - new inbox on the menu bar for alerts and workflow tasks
  • Exceptions View on Test Results - a new view was added to Test Results to show all exceptions that apply to that test result in a single list.
  • Exceptions by Target System - the target system screen now displays all exceptions that apply to that target
  • Exceptions Search - you can now search for exceptions by: Target System, Tag, Benchmark, Dates
  • User Tags - users can now be tagged, this allows for alerts to be sent to users by tag
  • Role Tags - Roles can now be tagged; no current functionality is affected by this.
  • Added hostname to the Target System Search, Remediation Report Search, Complete Results Search

SYSTEM ENHANCEMENTS

  • Added support for Oracle Databases
  • Added Support for SQL Server databases
  • Performance improvements for the import process
  • CCPD software version now appears on the title bar
  • Functional Area now applicable by action - the functional areas for security used to only be able to control access at the controller level. Administrators can now control access at the action level, which is much more granular.

BUGS

  • fixed vulnerability where a basic user could become an administrator

CIS-CAT Pro Dashboard v1.0.3

FUNCTIONAL ENHANCEMENTS

  • Ability to Tag Users
  • Ability to Tag Roles
  • Ability to Search Users
  • Profile selected added to the Assessment Results List and Assessment Results Search pages.

SYSTEM ENHANCEMENTS

  • Performance improvements on Assessment Result Importing

BUGS

  • Fixed concurrency issues when uploading and importing Assessment Results simultaneously

CIS-CAT Pro Dashboard v1.0.2

FUNCTIONAL ENHANCEMENTS

  • Assessment Results Search page has been added to the Reports menu. Users can now search for assessment results by: hostname, date range, benchmark, and tags.
  • Exceptions added in CCPD will now show in the HTML export document.
  • Added guidance on the dashboard screens to explain the data.
  • Months now appear by name instead of number on the Dashboard Graphs for improved readability.
  • Added a rule to prevent duplicate assessment results imports.
  • Added links to the CCPD User Guide, and The CIS WorkBench, in the main navigation menu at the top right of the application.

SYSTEM ENHANCEMENTS

  • Created an initialization service to process data fixes required for new releases, bypassing the need to manually run data scripts.
  • Made search criteria modular so that criteria and new searches can be added to the system more easily.
  • Assessment Results List now uses a pre-calculated score, which improves performance.
  • Assessment Result import/export processes now use the weight from the XCCDF rule-result element of the TestResult, instead of the rule element of the Benchmark.
  • Made performance improvements to the Assessment Results View page.

BUGS

  • Users can now import assessment results from target systems with underscores in their hostname.
  • Users can no longer access user functionality when unauthenticated.
  • Dashboard scoring calculations to include recommendation weights and exceptions.
  • All users are now assigned ROLE_BASIC_USER which allows access to user functionality: profile, forgot password, password reset.
  • HTML export will now take the weight of a recommendation from the results rather than the benchmark, as the imported version could have different weights than the results.
  • Users with ROLE_API can no longer be added to other roles on the Show Role Screen.
  • Remediation Reports with no failed rules will now show a congratulatory message instead of a blank result.
  • Assessment Results can now be imported concurrently

CIS-CAT Pro Dashboard v1.0.1

  • Converted documentation to online documents available at: http://cis-cat-pro-dashboard.readthedocs.io
  • Fixed issues with CIS-CAT Pro Dashboard running on tomcat v8.5.11 including:
    • user/role administration dialogs not working
    • dashboards not showing
  • Fixed scoring inconsistency between the Assessment Results List, individual Assessment Results View screen, and the HTML export of the assessment results. The inconsistency was the result of weighting of recommendations and exceptions added to recommendations.

CIS-CAT Pro Dashboard v1.0

Initial Release