The latest version of the Cyber Security Evaluation Tool (CSET), CSET 7.1, released in February.
CSET provides a systematic, disciplined, and repeatable approach for evaluating an organization’s cybersecurity posture. CSET is a desktop software tool that guides asset owners and operators through a step-by-step process to analyze their ICS and IT network security practices using recognized government and industry standards and recommendations.
• NIST SP800-161. This standard introduces supply chain management controls to CSET.
• NERC CIP Compliance Risk Based Priority List. Using the NERC CIP Violation Risk Factors, CSET 7.1 provides a priority ranked list of an asset owner’s NERC-CIP controls based on assessment question answers and the assessor selection of questions or requirements.
• Enhanced Dashboard. The gaps analysis dashboard ended up redesigned and now includes additional information and simplified navigation, improving access to detail charts.
• Requirements organized according to standard. When working with a single standard in the new CSET, users can see the questions and requirements presented in the order of the standard. Control identifiers also end up based on the identifier used in the standard (e.g., AC-2) as opposed to arbitrary numbering. With this new version, users can perform text searches directly on the question screen, as well as sort and reorder questions based on how they apply to different standards.
• Custom Parameter Values. Users can now enter custom parameter values for standards with requirements that include parameters. Several standards allowed individual organizations to define their own time frequency or role definitions for some controls. These parameter values can end up customized and stored in CSET 7.1.
• Doubled Number of Network Components. The number of network components doubled in Version 7.1. CSET 7.1 includes stencils for ICS, IT, medical, and emergency management radio components.
CSET is free to the public.
Click here for additional information on CSET.