A lightweight Windows agent that continuously audits your endpoints against CIS Benchmarks — Level 1 and Level 2 — and reports findings to a centralised compliance dashboard. Deploy in minutes, no expertise required.
Guest account must be disabled
CIS-W11-L1-2.2.1 · Security Options
Audit logon events not configured
CIS-W11-L1-2.3.7 · Advanced Audit
Built for security teams who need compliance data without the complexity.
Audits registry settings, account policies, audit policy, firewall rules, service configurations, and more — all mapped to official CIS controls.
Choose between CIS Level 1 (basic hygiene, low operational impact) and Level 2 (defence-in-depth, stricter controls). Scan both simultaneously or target specific categories.
Per-endpoint compliance percentage, category breakdown, and trend tracking over time. Know exactly where you stand and what needs attention.
Pre-built scan policies for common use cases: Win 11 Baseline, Win 11 Strict, Account Security, Network Hardening. One click to configure and deploy.
Manage dozens or hundreds of endpoints across isolated tenants. Role-based access ensures each team only sees their own data.
Each failed control includes the expected value, actual value, and remediation steps. Close gaps efficiently with actionable, specific guidance.
Download the installer package from your CIS Auditor dashboard.
Double-click install.bat. It auto-elevates, copies files, and configures everything — including the Windows service.
Enter the enrollment token from the Agents page. The installer connects to our cloud backend automatically.
Trigger scans from the web UI, apply a policy, and review compliance findings immediately.
Everything you need to get started in one package.
Recommended · Windows 10 / 11
Includes coreagent.exe, install.bat (double-click to run), and install.ps1 (PowerShell script).
Auto-elevates, installs the Windows service, and guides you through enrollment.
For advanced / scripted deployments
Download just the agent binary and enroll manually via CLI — useful for automated deployment pipelines (MDM, GPO, Intune).
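```powershell
# 1. Enroll the agent
coreagent.exe enroll --token <token> --url https://cis.company.com
# 2. Install & start Windows service
# binPath must be the fully qualified path to coreagent.exe; if that path contains
# spaces, wrap it in its own quotes inside the binPath value so the service path is unambiguous.
sc.exe create CISAuditorAgent binPath= "coreagent.exe run" start= auto obj= LocalSystem
sc.exe start CISAuditorAgent
```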
| Specification | Details |
| --- | --- |
| Supported OS | Windows 10 (21H2+), Windows 11, Windows Server 2022 |
| CIS Benchmarks | Windows 10 CIS v3.0, Windows 11 CIS v3.0, Windows Server 2022 CIS v3.0 |
| Benchmark Levels | Level 1 (all plans), Level 2 (Standard and above) |
| Service Account | SYSTEM (required for security policy and registry access) |
| Config storage | C:\ProgramData\CIS-Auditor\ |
| Install path | C:\Program Files\CIS-Auditor\ |
| Written in | Go (single-binary, no runtime required) |
| Backend | Cloud-hosted (Cloudflare), HTTPS REST API (JWT + agent token) |
| Scan triggers | On-demand (web UI / API) or scheduled via policy |
| Service recovery | Auto-restart on failure, unlimited retries, 30-minute heartbeat trigger |
secedit), advanced audit policy (auditpol), and protected registry keys under HKLM — requires Local Administrator or LocalSystem privileges. LocalSystem is the standard Windows service account for security tooling and already holds all necessary privileges without extra configuration.
-BackendUrl and -EnrollmentToken parameters, making it fully scriptable. You can wrap it in an Intune Win32 app, a GPO startup script, or any remote management tool — no interactive prompts when parameters are supplied.
uninstall.ps1 (included in the installer package) as an administrator. It stops the service, removes it from the SCM, and deletes the install directory. Add the -RemoveConfig flag to also delete configuration and credentials from C:\ProgramData\CISAuditor.
Deploy the agent, run your first scan, and get a compliance score in under 5 minutes.