Control Compliance Suite (CCS)

See the information below on how to use the attached script to generate the risk score from CCS checks.

CCS 12.6.x and any current CCS standards that are not deprecated or outdated.

Development has created a script that can be used to extract the Risk score for each check. They have also already extracted the information for the RHEL checks as an example. See the information below:

Please find the excel 'RISK_Scores_For_RHEL_Standard_Checks.xlsx' attached with includes the Risk score for the checks from the below listed RHEL benchmarks

• CIS Benchmark for Red Hat Enterprise Linux 7 v3.1.1 Level 1
• CIS Benchmark for Red Hat Enterprise Linux 7 v3.1.1 Level 2
• CIS Red Hat Enterprise Linux 8 Benchmark v2.0.0 Level 1
• CIS Red Hat Enterprise Linux 8 Benchmark v2.0.0 Level 2
• CIS Red Hat Enterprise Linux 9 Benchmark v1.0.0 Level 1
• CIS Red Hat Enterprise Linux 9 Benchmark v1.0.0 Level 2

If you want to generate the risk score for any of the other standards then you can do the same by following the below mentioned steps

• Get the standard names from the CCS Console.
• Execute the SQL query (mentioned in 'Get_CIAAAA_CCSChecks.sql' attached file) in CSM_Reports database.
• Copy the SQL query output and dump it in the Excel sheet.
• The column "Risk Score" will show the risk score for all the checks based on the formula.

NOTE: The Risk Score provided in the Excel sheet is based on the CIA AAA rating defined at the check level.