
About the CIS SecureSuite Member API


Overview

The CIS SecureSuite Member API is a REST API. It has resource-oriented URLs, returns JSON-encoded responses, and uses standard HTTP methods and response codes along with token-based authentication.


Base URL

When submitting a request to the API, use the base URL:

https://workbench.cisecurity.org/api/vendor/v1/

Authentication

Requests to certain endpoints require authentication. The endpoint will have the Public label if authentication is not required or the Authenticated label if authentication is required.

To be authenticated, you must have a SecureSuite Membership. The membership allows you to get a SecureSuite License and in turn an authorization token.

Refer to Get License Key and Authorization Token for detailed instructions.

Available Downloads

All resources are made available as soon as they are released.

Benchmarks

Developed by a global community of cybersecurity professionals, CIS Benchmarks are a collection of best practices for securely configuring IT systems, software, networks, and cloud infrastructure. Download Benchmark export files via the CIS SecureSuite Member API.

Available Files

  • PDF (Benchmarks in a human readable format)

Info

Refer to PDF Resource for information and instructions on downloading Benchmark PDFs.

  • SCAP (Only available for Benchmarks that include automated assessment content)
    • SCAP XCCDF + OVAL (.zip): SCAP bundle including XCCDF, OVAL, CPE, SCE and DataStreams
    • DataStream (.xml): SCAP standard collection format
  • Intermediate Formats (Benchmark data in a machine readable format intended to be more easily converted than SCAP)
    • XCCDF + AE Intermediate Format (.xml): XCCDF, including any available Artifact Expressions (AE)
    • YAML (.yaml): XCCDF + AE in YAML format
    • JSON (.json): XCCDF + AE in JSON format

Info

Refer to Benchmarks Resource for information and instructions on downloading Benchmarks.

SCAP Bundle Files

The following files are included in the SCAP bundle:

| File | Description |
| --- | --- |
| XCCDF.xml | XCCDF stands for Extensible Configuration Checklist Description Format. As the name suggests, the language is used to describe security checklists. These files contain Benchmark recommendations. |
| OVAL.xml | OVAL stands for Open Vulnerability and Assessment Language. OVAL is a declarative language for making logical assertions about the state of a system. These files work in conjunction with XCCDF.xml to help define what is collected from the system using standard OVAL. |
| CPE-OVAL.xml and CPE-DICTIONARY.xml | The Common Platform Enumeration (CPE) serves to identify IT platforms and systems using unequivocally defined names. These files exist only for specific platform Benchmarks, and they help the assessment tool check whether the target platform is right for the Benchmark. If it isn't, the assessment may give a warning or produce no results. |
| SCE | SCE is short for Script Check Engine. It is the SCAP extension that allows script execution from SCAP policy, making your scripts interoperable with your security policy. This directory exists only if a specific Benchmark references attached scripts. The referenced scripts are included in your export. |
| COLLECTION.xml | This is a DataStream file, a format that packs the other SCAP components into a single file: XCCDF, OVAL, CPE and SCE, all in one place. |

Info

Refer to the SCAP Components page.
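One way to inventory a downloaded SCAP bundle before handing it to an assessment tool, identifying each file by its XML root element rather than by its name. This is an added example, not CIS code: the SCAP 1.2 namespaces, the "cpe" file-name hint, the treatment of non-XML members as SCE scripts, and the in-memory sample bundle are assumptions or constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Standard SCAP 1.2 root elements (namespace, local name); assumed, not taken from the CIS page.
ROOTS = {
    ("http://checklists.nist.gov/xccdf/1.2", "Benchmark"): "XCCDF",
    ("http://oval.mitre.org/XMLSchema/oval-definitions-5", "oval_definitions"): "OVAL",
    ("http://cpe.mitre.org/dictionary/2.0", "cpe-list"): "CPE-DICTIONARY",
    ("http://scap.nist.gov/schema/scap/source/1.2", "data-stream-collection"): "COLLECTION",
}

def classify(name, data):
    """Name the SCAP component a bundle member carries, reading only up to its root start tag."""
    if not name.lower().endswith(".xml"):
        return "SCE-SCRIPT"  # assumption: non-XML members are SCE scripts; review before use
    try:
        _, root = next(ET.iterparse(io.BytesIO(data), events=("start",)))
    except (ET.ParseError, StopIteration):
        return "UNKNOWN"
    ns, _, local = root.tag.rpartition("}")
    kind = ROOTS.get((ns.lstrip("{"), local), "UNKNOWN")
    # CPE checks are OVAL definitions too; the "cpe" file-name hint is an assumption.
    return "CPE-OVAL" if kind == "OVAL" and "cpe" in name.lower() else kind

def inventory(bundle_bytes):
    """Map each file in a SCAP bundle (.zip) to the component type it carries."""
    with zipfile.ZipFile(io.BytesIO(bundle_bytes)) as zf:
        return {i.filename: classify(i.filename, zf.read(i))
                for i in zf.infolist() if not i.is_dir()}

def sample_bundle():
    """Build a small constructed bundle in memory; names and contents are placeholders."""
    oval = '<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"/>'
    members = {
        "example-xccdf.xml": '<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="x"/>',
        "example-oval.xml": oval,
        "example-cpe-oval.xml": oval,
        "example-cpe-dictionary.xml": '<cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0"/>',
        "sce/example_check.sh": "#!/bin/sh\nexit 0\n",
        "broken.xml": "<not-closed",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in members.items():
            zf.writestr(name, text)
    return buf.getvalue()

if __name__ == "__main__":
    print("\n".join(f"{k:15} {n}" for n, k in inventory(sample_bundle()).items()))
```

Files reported as SCE-SCRIPT or UNKNOWN are the ones to look at by hand, since SCE content is executed on the target during an assessment.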

CIS-CAT Assessor

CIS-CAT Assessor is a tool for automating CIS Benchmark assessment and reporting. Download different versions of CIS-CAT Assessor via the CIS SecureSuite Member API.

Info

Refer to CIS-CAT for information and instructions on downloading CIS-CAT Assessor.

CIS SecureSuite Platform

The CIS SecureSuite Platform is a tool providing a unified view to evaluate conformance to CIS Benchmarks and CIS Controls. Download different versions of the CIS SecureSuite Platform via the CIS SecureSuite Member API.

Info

Refer to CIS SecureSuite Platform for information and instructions on downloading the CIS SecureSuite Platform.

Build Kits

CIS offers Build Kits for certain technologies to assist with remediation and with automating system hardening. Download CIS Build Kits via the CIS SecureSuite Member API.

Info

Refer to the Build Kit for information and instructions on downloading Build Kits.

Contributions

CIS welcomes your contributions. There are no special requirements to contribute beyond recognizing our Terms of Use. If you have a suggestion for improvement, get in touch by starting a discussion in the SecureSuite-API community (login required).

Terms of Use

Review the current terms of use.