Question 1

What is CISGuard?

Accepted Answer

CISGuard is a continuous compliance automation platform built by GR IT Services. It scans infrastructure against 22 CIS benchmarks covering 3,928 security controls, with real-time drift detection and multi-framework mapping for NIST 800-53, ISO 27001, and SOC 2. It deploys fully on-premises with air-gapped support and requires no SaaS dependency.

Question 2

What is CIS benchmark compliance automation?

Accepted Answer

CIS benchmark compliance automation uses software agents to continuously scan your infrastructure against Center for Internet Security (CIS) benchmarks. Instead of manual audits, CISGuard automatically evaluates 3,928 security controls across Windows, Linux, cloud, and container platforms, providing real-time compliance posture with drift detection.

Question 3

What is drift detection in compliance?

Accepted Answer

Drift detection is the process of identifying configuration changes that cause an endpoint to deviate from its hardened baseline. CISGuard compares every scan against the previous result and alerts your team within minutes when a configuration regresses, such as a Group Policy change, a firewall rule modification, or an audit policy being disabled.

Question 4

How does continuous compliance monitoring work?

Accepted Answer

Continuous compliance monitoring replaces point-in-time audits with automated, scheduled scans. CISGuard agents detect your platform, run the matching CIS benchmark, and stream results to a real-time dashboard. Every scan is compared against the previous baseline to detect regressions, improvements, and new controls.

Question 5

Can CISGuard be deployed on-premises and air-gapped?

Accepted Answer

Yes. CISGuard is designed for on-premises deployment. All scan data stays within your network perimeter. It supports fully air-gapped environments for classified and regulated industries, with no SaaS dependency, no cloud data transfer, and no internet connectivity required during operation.

Question 6

What compliance frameworks does CISGuard support?

Accepted Answer

CISGuard maps scan results across four frameworks: CIS Benchmarks v8 (3,928 controls), NIST SP 800-53 Rev. 5 (50 mapped controls across 20 control families), ISO/IEC 27001:2022 (36 mapped controls), and SOC 2 Type II (26 mapped criteria). A single scan satisfies multiple compliance requirements simultaneously.

Question 7

What platforms and operating systems does CISGuard support?

Accepted Answer

CISGuard supports 22 security benchmarks across: Windows (10, 11, Server 2022), Linux (Ubuntu 24.04, RHEL 9, Debian 12, Azure Linux), cloud (Microsoft Azure, AWS, Microsoft 365), containers (Kubernetes, Docker, AKS, EKS, OpenShift), browsers (Chrome, Edge, Firefox), and server applications (SQL Server 2022, IIS 10).

Question 8

How quickly can CISGuard be deployed?

Accepted Answer

CISGuard can be deployed and scanning your environment in under one hour for standard deployments. GR IT Services provides fully managed onboarding, including server setup, agent deployment, SSO integration, and SIEM configuration. Enterprise deployments with thousands of endpoints typically complete within 1-2 weeks in phased rollouts.

Question 9

How is CISGuard different from Tenable, Qualys, or Rapid7?

Accepted Answer

Unlike Tenable Nessus, Qualys, and Rapid7, CISGuard is purpose-built for CIS benchmark compliance rather than vulnerability scanning. Key differentiators include: fully on-premises and air-gapped deployment (no SaaS dependency), continuous drift detection between scans, multi-framework mapping (CIS + NIST + ISO + SOC 2 from a single scan), and Kubernetes/Docker container benchmark support. See the full feature comparison at cisguard.ae/compare.

Question 10

How much does CISGuard cost?

Accepted Answer

CISGuard offers three plans: Starter (up to 50 endpoints), Professional (up to 500 endpoints, most popular), and Enterprise (unlimited endpoints). Pricing is per-deployment with no per-endpoint fees or hidden modules. All plans include on-premises deployment, managed onboarding, and data sovereignty. Contact sales@cisguard.ae for a quote.

Question 11

What is multi-framework compliance mapping?

Accepted Answer

Multi-framework compliance mapping is the ability to run a single CIS benchmark scan and automatically map the results to multiple regulatory frameworks (NIST 800-53, ISO 27001, SOC 2) simultaneously. This eliminates the need to run separate assessments for each framework and reduces duplicate evidence collection by up to 3x.

Question 12

Does CISGuard support HIPAA, GDPR, or regional regulations?

Accepted Answer

CISGuard's CIS benchmark scans and NIST 800-53 mapping directly support the technical safeguard requirements of HIPAA, GDPR, UAE PDPL, APRA CPS 234 (Australia), ENS (Spain), TISAX (Germany automotive), and other regulations that reference CIS or NIST controls. Organizations in healthcare, finance, government, and telecommunications across the UAE, USA, Germany, Australia, India, and Spain use CISGuard for regulatory compliance.

Question 13

Is CISGuard a GRC or CSPM tool?

Accepted Answer

CISGuard is the technical control automation layer beneath GRC programs and the CIS benchmark engine for CSPM use cases. It automates evidence collection, multi-framework mapping, and exception management that GRC platforms require, and scans Azure, AWS, and M365 environments against CIS benchmarks. Unlike generic GRC/CSPM tools, CISGuard is purpose-built for CIS compliance with on-premises and air-gapped deployment.

Question 14

Does CISGuard serve organizations in the UAE, Saudi Arabia, and Kuwait?

Accepted Answer

Yes. CISGuard is built by GR IT Services, headquartered in Dubai, UAE. We serve enterprises across the GCC region including Dubai, Abu Dhabi, Riyadh, Jeddah, and Kuwait City. CISGuard supports UAE PDPL, NCA ECC (Saudi Arabia), and regional compliance requirements. On-premises deployment ensures data sovereignty within GCC borders, and our team provides managed onboarding with English support.

Question 15

What is the difference between CIS Controls and CIS Benchmarks?

Accepted Answer

CIS Controls are 18 high-level prioritized safeguards describing what to do ("Inventory of Enterprise Assets"). CIS Benchmarks are prescriptive system-specific guidelines describing how to harden a platform ("Windows Server 2022 Benchmark"). CISGuard automates CIS Benchmark scanning across 22 platforms and 3,928 controls, then maps results back to CIS Controls v8, NIST 800-53, ISO 27001, and SOC 2.

Question 16

What is the difference between CIS-CAT and CISGuard?

Accepted Answer

CIS-CAT is the official CIS scanning utility that runs ad-hoc assessments against single endpoints and outputs static reports. CISGuard runs the same CIS benchmarks across thousands of endpoints from a central dashboard, with drift detection between scans, multi-framework mapping (NIST, ISO 27001, SOC 2), exception management, audit-ready evidence, and SIEM/SSO integrations. CIS-CAT is a scanner; CISGuard is the enterprise compliance platform around continuous scanning.

Question 17

What is configuration drift in cybersecurity?

Accepted Answer

Configuration drift is the gradual divergence of system configurations from a hardened baseline. Common causes include patch deployments resetting security settings, application installs modifying firewall rules, troubleshooting sessions disabling controls, and new servers from outdated templates. Organizations average 14% drift within 30 days of hardening. CISGuard detects drift in minutes by comparing every scan against the previous baseline.

Question 18

What is the difference between CIS Benchmark Level 1 and Level 2?

Accepted Answer

Level 1 (L1) is the practical baseline: settings that reduce attack surface without disrupting business functionality. Level 2 (L2) layers on stricter settings for high-security environments such as classified networks, financial services, and healthcare, at the cost of reduced application compatibility. CISGuard supports both profiles per benchmark and lets you assign L1 or L2 per asset group.

Question 19

How often should I run CIS benchmark scans?

Accepted Answer

Modern best practice, implicit in NIST SP 800-137, PCI DSS 4.0, and SOC 2 Type II, is continuous monitoring with scans every 4-24 hours per asset plus immediate re-scan on change events. Quarterly or monthly scans leave weeks of drift undetected. CISGuard uses delta scanning to maintain this cadence with minimal overhead and supports blackout windows for change-freeze periods.

Question 20

How is CISGuard different from OpenSCAP?

Accepted Answer

OpenSCAP is the closest open-source analogue for Linux/Unix CIS scanning. It scans on demand and produces static reports: no dashboard, no continuous monitoring, no drift detection, no multi-framework mapping, no exception workflow, no SIEM/SSO integrations, and no Windows or cloud coverage. CISGuard provides the enterprise control plane, multi-platform coverage, and continuous monitoring that OpenSCAP lacks, with managed onboarding.

Compliance is no longer a quarterly event.

One platform. Continuous compliance posture.

Continuous Compliance Monitoring

Configuration Drift Detection

Multi-Framework Evidence

Endpoint & Cloud Posture

Built for compliance teams who operate at scale.

Real-time posture

Drift categorization

Framework export

Six decisions enterprise security teams don't have to make.

Continuous, not point-in-time

Sovereign by design

One scan, four frameworks

Drift detection by default

Managed onboarding

Per-deployment licensing

Operating where compliance is non-negotiable.

See CISGuard operating against your own infrastructure.