diff --git a/apis/management.cattle.io/v3/cluster_scan_types.go b/apis/management.cattle.io/v3/cluster_scan_types.go
index 4869f650..584e4a94 100644
--- a/apis/management.cattle.io/v3/cluster_scan_types.go
+++ b/apis/management.cattle.io/v3/cluster_scan_types.go
@@ -11,9 +11,28 @@ import (
 const (
 ClusterScanConditionCreated condition.Cond = "Created"
 ClusterScanConditionCompleted condition.Cond = "Completed"
+
+ ClusterScanTypeCis = "cis"
+ DefaultNamespaceForCis = "security-scan"
+ DefaultSonobuoyPodName = "security-scan-runner"
+ ConfigMapNameForUserConfig = "security-scan-cfg"
+
+ RunCisScanAnnotation = "field.cattle.io/runCisScan"
+ SonobuoyCompletionAnnotation = "field.cattle.io/sonobuoyDone"
+ CisHelmChartOwner = "field.cattle.io/clusterScanOwner"
 )
 
+type CisScanConfig struct {
+ // IDs of the checks that need to be skipped in the final report
+ Skip []string `json:"skip"`
+ // Internal flag for debugging master component of the scan
+ DebugMaster bool `json:"debugMaster"`
+ // Internal flag for debugging worker component of the scan
+ DebugWorker bool `json:"debugWorker"`
+}
+
 type ClusterScanConfig struct {
+ CisScanConfig *CisScanConfig `json:"cisScanConfig"`
 }
 
 type ClusterScanCondition struct {
diff --git a/apis/management.cattle.io/v3/cluster_types.go b/apis/management.cattle.io/v3/cluster_types.go
index f1574914..f11dbc5f 100644
--- a/apis/management.cattle.io/v3/cluster_types.go
+++ b/apis/management.cattle.io/v3/cluster_types.go
@@ -30,7 +30,7 @@ const (
 ClusterActionBackupEtcd = "backupEtcd"
 ClusterActionRestoreFromEtcdBackup = "restoreFromEtcdBackup"
 ClusterActionRotateCertificates = "rotateCertificates"
- ClusterActionRunCISScan = "runSecurityScan"
+ ClusterActionRunSecurityScan = "runSecurityScan"
 ClusterActionSaveAsTemplate = "saveAsTemplate"
 
 // ClusterConditionReady Cluster ready to serve API (healthy when true, unhealthy when false)
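Review bot: `DebugMaster` and `DebugWorker` in `CisScanConfig` (cluster_scan_types.go) are commented as internal flags, yet they carry ordinary JSON tags, and the schema.go hunk of this commit makes `cisScanConfig` the input of the `runSecurityScan` action, so they appear to be settable by any caller allowed to invoke that action. If they are meant for developers only, either keep them out of the API-facing type or state in the comment who may set them and what the debug mode changes, e.g. `// DebugMaster enables debug mode for the master scan component; not intended for API users`. The exported type also has no doc comment; `// CisScanConfig holds the caller-supplied options for a CIS scan.` would cover it. As a style point, the new names spell the initialism `Cis` while the constant this commit renames used `CIS`.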
diff --git a/apis/management.cattle.io/v3/schema/schema.go b/apis/management.cattle.io/v3/schema/schema.go
index edefc27e..d6643190 100644
--- a/apis/management.cattle.io/v3/schema/schema.go
+++ b/apis/management.cattle.io/v3/schema/schema.go
@@ -263,7 +263,9 @@ func clusterTypes(schemas *types.Schemas) *types.Schemas {
 Input: "rotateCertificateInput",
 Output: "rotateCertificateOutput",
 }
- schema.ResourceActions[v3.ClusterActionRunCISScan] = types.Action{}
+ schema.ResourceActions[v3.ClusterActionRunSecurityScan] = types.Action{
+ Input: "cisScanConfig",
+ }
 schema.ResourceActions[v3.ClusterActionSaveAsTemplate] = types.Action{
 Input: "saveAsTemplateInput",
 }
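Review bot: The `runSecurityScan` action now takes a caller-supplied `cisScanConfig` body, and its `skip` field removes checks from the final report, so whoever may invoke the action also decides what the scan reports. Nothing in this commit validates that input. The action handler is not part of this diff, so it should be confirmed that it rejects unknown check IDs, bounds the list length, and records the skipped IDs in the scan result so a suppressed check stays visible to the reader of the report. A comment above the assignment would make the expectation explicit, e.g. `// cisScanConfig is caller-supplied; the action handler must validate the skip IDs`. `clusterTypes` begins and ends outside this hunk.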