Version 9.2 of Cyber Security Evaluation Tool (CSET) just released by the Cybersecurity and Infrastructure Security Agency (CISA).
CSET is a desktop software tool that guides asset owners and operators through a consistent process for evaluating control system networks as part of a comprehensive cybersecurity assessment that uses recognized government and industry standards and recommendations.
CSET guides asset owners and operators through a step-by-step process to evaluate industrial control system (ICS) and information technology (IT) network security practices. Users can evaluate their own cybersecurity stance using recognized government and industry standards and recommendations.
CSET 9.2 includes the following feature enhancements and upgrades:
• Web-based diagram editor
• Enhanced reporting
• New capability maturity model for financial sector customers
• National Credit Union Administration (NCUA) Automated Cybersecurity Examination Tool (ACET) Standard
• Financial sector risk assessment wizard
• New analysis for network diagram questions
• Transportation Security Administration (TSA) 2018 Pipeline security standard
• International Society of Automation (ISA)/International Electrotechnical Commission (IEC) 62443 standards
CSET output is a prioritized list of recommendations for improving the cybersecurity posture of the organization’s enterprise and industrial control cyber systems. The tool derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation links to a set of actions the user can apply to enhance cybersecurity controls.
CSET’s design calls for an easy installation and use on a stand-alone laptop or workstation. It incorporates a variety of available standards from organizations such as NIST, North American Electric Reliability Corporation (NERC), Transportation Security Administration (TSA), Department of Defense (DoD), and others. When the tool user selects one or more of the standards, CSET opens a set of questions the user can answer. The answers to these questions end up compared against a selected security assurance level, and a detailed report ends up generated that shows areas for potential cybersecurity improvement. CSET provides a means to perform a self-assessment of the security posture of your control system environment.
Click here for update to CSET version 9.2.