Available as of v2.4.0
To run security scans on a cluster and access the generated reports, you must be an Administrator or Cluster Owner.
Rancher can only run security scans on clusters that were created with RKE, which includes custom clusters and clusters that Rancher created in an infrastructure provider such as Amazon EC2 or GCE. Imported clusters and clusters in hosted Kubernetes providers can't be scanned by Rancher.
The security scan cannot run in a cluster that has Windows nodes.
You will only be able to see the CIS scan reports for clusters that you have access to.
Please refer here for how-to guides on CIS scans.