
Change Log


CIS SecureSuite Platform v1.4.0

February 2, 2025

Features

  • PCI DSS 4.0 mappings are now supported.
    • Refer to this video for more information on this feature.
  • Installation and upgrade:
    • Automated upgrade with a .var file is now supported.
    • Installation and upgrade through the installer now enables you to enter an IP address or fully qualified domain name as the hostname for the application.
      • Note: When upgrading to v1.4.0, if you are using a fully qualified domain name in conjunction with a self-signed certificate, you need to regenerate the self-signed certificate during upgrade (Windows or Linux) for data migration to run successfully.
      • Refer to this video for more information on this feature.
    • When an environment already has Java installed, the installation now enforces the use of the Java delivered with the CIS SecureSuite Platform.
  • Controls Membership licenses are now supported.
  • A reminder to run the installer is now shown for users who switch from a Controls Membership license to a full SecureSuite license.
  • The License page now has additional information to help users, and input for the License File field has been changed to read-only.
  • Local users converted to LDAP users are no longer prompted to change their password.

Bugs

  • On the Home page, the Benchmarks Goal Score chart was redesigned because the circle in the previous design did not always adjust properly to users' screen sizes.
  • CIS-CAT Pro Dashboard data migration no longer fails due to the null artifact_type_id and asset_report_collection_id errors.
  • Running CIS-CAT Pro data migration before CSAT Pro data migration no longer blocks the migration of Controls assessments.
  • When a logged-in user’s system role is changed from System Admin to Basic User, the system role no longer gets unset.
  • The following Benchmarks released with CIS SecureSuite Platform v1.3.0 will no longer receive a signature error:
    • CIS Microsoft Windows 10 Stand-alone Benchmark v4.0.0
    • CIS Microsoft Windows 11 Enterprise Benchmark v4.0.0
    • CIS Windows Server 2019 Benchmark v4.0.0
    • CIS Windows Server 2025 Benchmark v1.0.0
    • CIS Microsoft Windows Server 2019 Stand-alone Benchmark v3.0.0
    • CIS Microsoft Windows Server 2022 Stand-alone Benchmark v1.0.0
    • CIS Azure Compute Microsoft Windows Server 2019 Benchmark v1.0.1
    • CIS Azure Compute Microsoft Windows Server 2022 Benchmark v1.0.0
    • CIS Google Chrome Group Policy Benchmark v1.0.0
  • When migrating data from CSAT Pro to the Linux version of the CIS SecureSuite Platform, the Evidence File Path field now validates entered paths correctly.
  • When adding an exception immediately after another, an error popup appeared, the Results page loaded slowly, and the Exceptions List did not display any added exceptions. All of these issues have been fixed.
  • Entering and saving single quotes or control characters in the Exception Rationale field no longer makes the Edit button unresponsive for that exception.
  • Passwords and secrets are no longer erased in securesuite-config.yml after rebooting your system and upgrading the CIS SecureSuite Platform.
  • The Keycloak task was set to time out after running for three days, causing a 503 Service Unavailable error when the service was left running. The timeout setting for the Keycloak task is now disabled.

Benchmark Coverage

  • Updated Benchmarks are included from the CIS-CAT Pro Assessor v4.59.0 release.

Security

  • For fresh installations of the CIS SecureSuite Platform on Windows, logging in to MariaDB as the root user via Terminal requires the user’s password to be entered; otherwise, access is denied.
  • Multiple third-party libraries were updated.
    • Tomcat was upgraded to the latest stable version of v9 (9.0.112).
  • The readme.txt was updated with the current list of suppressed third-party security vulnerabilities from dependent libraries.

CIS SecureSuite Platform v1.3.0

December 1, 2025

Features

  • FFIEC and NIST 800-171 Revision 3 mappings are supported.
  • SecureSuite license:
    • SecureSuite licenses can now be uploaded directly to the License page.
    • The status (valid or invalid) of your SecureSuite license now appears in the navigation bar, to the right of License.
  • Admin area:
    • Users page
      • Each user's last login time is now available in the Last Login column.
      • A list of users and their details can now be exported.
      • System role changes now apply immediately, no longer requiring users to log out and log back in for changes to apply.
    • Organizations page
      • Search terms filtering the organization list persist after editing an organization.
  • Controls area:
    • Controls assessments can now be started or imported from the My Assessments section of the Controls Console.
    • After importing a Controls assessment, the “successful import” message differs depending on whether or not the user associated with the imported file is a CIS SecureSuite Platform user.
    • The Safeguard View was redesigned to make it obvious the card can be expanded or collapsed.
    • The CIS Controls page now opens to your selected default Controls version.
  • The Benchmark Conformance Scores graph now supports drill down all the way to an individual result.
  • On the Support page, the card for submitting feature requests was removed, and the link on the knowledge base tile goes to the CIS SecureSuite Platform Knowledge Base.

Bugs

  • In the Add Target Systems to Favorites modal for Target System View, existing tags now display in the Include Tags and Exclude Tags fields when the Spacebar is pressed in either field.
  • Hostname tags and exceptions are now included in CIS-CAT Pro Dashboard data migration.
  • The securesuite-config.conf file deployed by the CIS SecureSuite Platform Installer stored sensitive Keycloak secrets (api_secret and client-secret) in plain text. The installer now encrypts these fields during both fresh installations and upgrades.
  • The “NoSuchMethodError” preventing imports of CIS-hosted CSAT Controls assessments has been fixed.
  • CIS SecureSuite Platform v1.2.0 included an outdated version of the CIS Windows 11 Enterprise Benchmark (v2.0.0). The Benchmark has been updated to the latest version (v4.0.0).

Benchmark Coverage

  • Updated Benchmarks are included from the CIS-CAT Pro Assessor v4.57.1 release.

Known Vulnerabilities

The development team is aware of and in the process of remediating two vulnerabilities related to the embedded Apache Tomcat web server component. CIS SecureSuite Platform v1.4.0 will address these vulnerabilities and is currently planned for release in late December.

For more information on the vulnerabilities, refer to this Knowledge Base article.


CIS SecureSuite Platform v1.2.1

October 20, 2025

Features

Resolved Bugs

  • An installation issue on Windows Server 2022 deployments resulting in a "Verify Identity Access Management Module is running" error was fixed. The Windows installer now successfully creates the keycloakVault.p12 referenced in the config-keystore.