Tuesday, December 20, 2011

CSET™ Version 4.0.1 Available for Download

The Cyber Security Evaluation Tool (CSETTM) is a Department of Homeland Security (DHS) product that assists organizations in protecting their key national cyber assets.

The Department of Homeland Security (DHS) Control Systems Security Program (CSSP) has released an interim Version 4.0.1 of the Cyber Security Evaluation Tool (CSET™). This new version of the tool can be downloaded from the CSSP website:

http://us-cert.gov/control_systems/satool.html.

This interim Version 4.0.1 release addresses some minor issues identified in report formatting and corrects a problem with Zone Security Assurance Level (SAL) calculations.

Additionally, this release incorporates a new sub-report to isolate and show user comments in a single location, includes modifications to clarify how firewall analysis is performed, and improves upon the gap analysis for pass/fail standards.

Purpose of CSET

CSET is a desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards.

The output from CSET is a prioritized list of recommendations for improving the cybersecurity posture of the organization's enterprise and industrial control cyber systems. The tool derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

CSET has been designed for easy installation and use on a stand-alone laptop or workstation. It incorporates a variety of available standards from organizations such as National Institute of Standards and Technology (NIST), North American Electric Reliability Corporation (NERC), International Organization for Standardization (ISO), U.S. Department of Defense (DoD), and others.

When the tool user selects one or more of the standards, CSET will open a set of questions to be answered. The answers to these questions will be compared against a selected security assurance level, and a detailed report will be generated to show areas for potential improvement. CSET provides an excellent means to perform a self-assessment of the security posture of your control system environment.

Key Benefits of CSET
  • CSET contributes to an organization's risk management and decision-making process
  • Raises awareness and facilitates discussion on cybersecurity within the organization
  • Highlights vulnerabilities in the organization's systems and provides recommendations on ways to address the vulnerability
  • Identifies areas of strength and best practices being followed in the organization
  • Provides a method to systematically compare and monitor improvement in the cyber systems
  • Provides a common industry-wide tool for assessing cyber systems

No comments: