CSET Version 4.1 Available

Wednesday, April 4, 2012 @ 01:04 PM gHale


Version 4.1 of the Cyber Security Evaluation Tool (CSET) is now available for download, said officials at the Department of Homeland Security (DHS) Control Systems Security Program (CSSP).

CSET is a DHS product that assists organizations in protecting their key national cyber assets. This new version of the tool is on the CSSP website.

RELATED STORIES
Adobe Offers Malware Tool
Updated DHS Cyber Security Tool
Threat Alert Reaches New High
DoD Readies for Stuxnet-like Attack
Cyber Report: Bad Guys Winning
Security Best Practices will Cut Downtime

CSET Version 4.1 provides users with the option of creating or modifying their network diagram in Microsoft Visio. This new functionality supplies a Visio stencil with network shapes recognized by CSET.

CSET imports the Visio diagram, assigns questions to the included components, and looks for general network vulnerabilities as if the diagram had been created within CSET itself. In addition, a diagram export function from CSET to Visio is also available.

Developed under the direction of the DHS’ NCSD by cyber security experts and with assistance from the National Institute of Standards and Technology (NIST), this tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks. It includes high-level and detailed questions related to all industrial control and IT systems.

CSET is a desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards.

The output from CSET ends up as a prioritized list of recommendations for improving the cyber security posture of the organization’s enterprise and industrial control cyber systems. The tool derives the recommendations from a database of cyber security standards, guidelines, and practices. Each recommendation links to a set of actions that can apply to enhance cyber security controls.

Designed for easy installation and use on a stand-alone laptop or workstation, CSET incorporates a variety of available standards from organizations such as NIST, North American Electric Reliability Corporation (NERC), International Organization for Standardization (ISO), U.S. Department of Defense (DoD), and others. When the tool user selects one or more of the standards, CSET will open a set of questions to answer.

The answers to these questions will the compare against a selected security assurance level, and a detailed report will show areas for potential improvement. CSET provides a means to perform a self-assessment of the security posture of your control system environment.



Leave a Reply

You must be logged in to post a comment.