CimTrak Coverage
CimTrak aligns with ARS by providing the necessary check and balances of security functionality and security assurance of over a quarter of all the ARS controls.
CimTrak provides the meta-level information associated to a pass or failed compliance scan including description, rationale, impact CIS reference, and the expected value. In the event of a failed scan, CimTrak also provides the steps to remediate to a passing status.
Of the 26 ARS control families and 489 total controls, CimTrak aligns with 15 families and 134 controls by providing an automated scan or enabling a process, procedure, or policy to assist with the evidence collection to meet the objective of a defined control family. CimTrak refers to this as a crosswalk.
- Access Control (AC)
- Audit and Accountability (AU)
- Configuration Management (CM)
- Contingency Planning (CP)
- Incident Response (IR)
- Maintenance (MA)
- Media Protection (MP)
- Risk Assessment (RA)
- Authorization (CA)
- System and Communications Protection (SC)
- System and Information Integrity (SI)
- System and Services Acquisition (SA)
- Accountability, Audit and Risk
Management (AR)
- Data Quality and Integrity (DI)
- Data Minimization and Retention DM)
