fb-pro.com

Free audit tool for automated system configuration checks

AI Summary

AuditTAP is a free open-source tool from FB Pro that automatically checks the security configuration of operating systems and applications. It validates settings against established standards like DISA, CIS and BSI and generates HTML reports with risk assessments. The tool supports Windows (7-11), Windows Server (2012-2025), Linux distributions and Office applications.

Pros

  • Completely free and available as open source on GitHub
  • Checks against established standards like DISA, CIS, BSI and ACSC
  • Generates clear HTML reports with quantitative risk assessment

Cons

  • Requires technical know-how for installation and interpretation of results
  • Focus is primarily on auditing, not automatic remediation of security vulnerabilities

Use Cases

  • Automated verification of system hardening for Windows and Linux servers
  • Compliance evidence for IT regulations, NIS2 and cyber insurance
  • Documentation of security status of IT infrastructures
  • Integration of security checks into deployment and installation processes

Who is it for?

IT security managers, system administrators and compliance officers in companies, government agencies, banks and critical infrastructure operators who need to demonstrate their system hardening.

What is fb-pro.com?

AuditTAP (Audit Test Automation Package) is a free, open-source tool by FB Pro that automatically checks the security configuration of operating systems and applications. The tool compares actual system settings against requirements from established hardening standards and produces structured HTML reports with quantitative risk assessments.

Supported platforms include Windows 7 through 11, Windows Server 2012 through 2025, common Linux distributions, and Office applications. The audit catalogues are aligned with DISA STIGs, CIS Benchmarks, BSI-Grundschutz, and ACSC guidelines. The source code is publicly available on GitHub.

Core features

  • Automated comparison of system configurations against DISA, CIS, BSI, and ACSC standards
  • Support for Windows clients, Windows Server, Linux distributions, and Office applications
  • Output as an HTML report with quantitative risk ratings per audit item
  • Can be used within the deployment process, for example to validate a fresh installation
  • Free and fully open source

Who is fb-pro.com for?

The primary audience is system administrators and IT security professionals who need to document and demonstrate system hardening. The tool is particularly relevant for organisations that must meet regulatory requirements: government agencies, banks, critical infrastructure operators, and companies that need verifiable security status for cyber insurance or NIS2 compliance.

Those expecting the tool to remediate findings automatically will be disappointed. AuditTAP audits and documents. Remediation is the administrator's responsibility. Meaningful interpretation of the reports also requires familiarity with the underlying hardening standards.

Context & alternatives

AuditTAP belongs to the category of compliance audit tools and sits conceptually alongside tools such as OpenSCAP or the CIS-CAT scanner, which also perform rule-based configuration checks against standardised benchmarks. The concrete difference is its focus on the German-speaking market with explicit BSI support.

Organisations that need to demonstrate BSI-Grundschutz or DISA compliance in a mixed Windows-Linux environment and have no budget for commercial tools will find AuditTAP a ready-to-use starting point.
