
CIS Template Information

CIS templates are blank checklists created by uploading .audit files from Tenable made for their Nessus Professional / ACAS scanner. You can use CIS benchmarks in the Audit Compliance Scanner from Tenable Nessus and create audit compliance results. Using those same .audit files from the https://www.tenable.com/audits website, you can upload an .audit file to OpenRMF® Professional and create a matching CIS checklist that is matched to those audit compliance scans automatically.

These templates can be used in OpenRMF® Professional to create checklists or to copy and create Organizational or System Package level templates.

You can edit the CIS Templates created to tweak the information or add additional manual checks as well. This is similar to how you edit Custom Checklists. To edit these you must have the Template Administrator role or Administrator role.

How CIS Templates are Loaded

CIS templates are blank checklists created by uploading .audit files from Tenable made for their Nessus Professional / ACAS scanner. Drop in the .audit file, upload it, and our custom checklist parser will create a CIS-based checklist from it to match the CIS benchmarks used in audit compliance scans.

The descriptions in the audit file become the vulnerability listings in the created checklist. The associated NIST 800-53 reference data is automatically matched for CCI relationships as well. The severity for each vulnerability is also parsed and matched, defaulting to medium. This CIS checklist can be edited once created to tweak the CCI listing, as well as to add items to the listing where required for manual or documentation data you wish to add.

The parser checks for a number at the beginning of each description, because CIS rules start with a number and the .audit results carry that same number. The .audit-to-checklist parsing needs that number to match on the rule title and fill out the status and details. If you are making custom .audit files, please use the CIS benchmark .audit files from Tenable as examples so they match correctly.
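The following is an added example, not OpenRMF® Professional's own parser: a pre-upload check for custom .audit files that pulls out what this section describes (leading rule number, 800-53 references, severity defaulting to medium) and lists items that lack the number. The sample text is constructed, and the `custom_item` field layout (`description`, `reference`, `severity`) is an assumption based on Tenable's published audit files.

```python
import re

# Constructed sample in the style of a Tenable .audit file (not a real benchmark).
SAMPLE_AUDIT = '''
<custom_item>
  type        : FILE_CHECK
  description : "1.1.1 Ensure mounting of cramfs filesystems is disabled"
  reference   : "800-53|CM-7,CSCv7|5.1"
  severity    : HIGH
</custom_item>
<custom_item>
  type        : CMD_EXEC
  description : "5.2.4 Ensure SSH access is limited"
  reference   : "800-53|AC-3,800-53|AC-6"
</custom_item>
<custom_item>
  type        : CMD_EXEC
  description : "Check local banner text"
</custom_item>
'''

ITEM_RE = re.compile(r"<custom_item>(.*?)</custom_item>", re.S)
FIELD_RE = re.compile(r'^\s*(\w+)\s*:\s*"?(.*?)"?\s*$', re.M)  # key : "value"
RULE_RE = re.compile(r"^(\d+(?:\.\d+)*)\s+(.+)$")              # "1.1.1 Title"

def parse_audit(text):
    """Return one dict per custom_item: rule number, title, 800-53 controls, severity."""
    items = []
    for body in ITEM_RE.findall(text):
        fields = dict(FIELD_RE.findall(body))
        desc = fields.get("description", "")
        m = RULE_RE.match(desc)
        refs = fields.get("reference", "").split(",")
        items.append({
            "rule": m.group(1) if m else None,  # None: nothing to match the scan result on
            "title": m.group(2) if m else desc,
            "nist": [r.split("|", 1)[1] for r in refs if r.startswith("800-53|")],
            "severity": fields.get("severity", "medium").lower(),  # default per this page
        })
    return items

def unmatched(items):
    """Titles of items whose description lacks the leading rule number."""
    return [i["title"] for i in items if i["rule"] is None]

if __name__ == "__main__":
    parsed = parse_audit(SAMPLE_AUDIT)
    for item in parsed:
        print(item)
    print("missing rule number:", unmatched(parsed))
```
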

Upload CIS Template Audit Files

What you can do with CIS Templates

By default, they are used to match up to audit compliance scan results using CIS benchmarks.

Additionally, if you select one or more templates in the listing you can bulk download them all into a ZIP file locally. All the checklist files that you selected will be in that ZIP file. You also can copy them to Organization templates, System Package templates, or even create new checklists in your System Package based on that checklist (if you have the correct System Package permissions).

Copying them to other Templates

Your CIS Templates can also be copied into other templates, either Organizational or System Package templates. System Package templates require you to have a “Create Template” group permission in that system, or you will not see the option to copy to a system template. Once copied, they are independent and can be updated and edited on their own. You may want to do this to customize templates, as has been discussed in other areas of the help sections.

Making new Checklists from CIS Templates

If you have any “Create Checklist in a System” permissions, you can select a CIS template from the listing and choose “Create Checklist” from the bulk menu just above the table listing, to the right. When you click the Apply button you can choose the system, and a checklist of that type is then created in that system.

You will need to update any information such as hostname, FQDN, role, etc. for the checklist inside the system listing. You will want to do this if you are trying to match this template up to a brand new SCAP scan as they match on STIG type and hostname / device name.


Copyright © 2021 - 2025 Soteria Software LLC.
Do The Work. Automate the Paperwork!℠