Monday, September 14, 2015 @ 03:09 PM gHale

The latest version of the Cyber Security Evaluation Tool (CSET), CSET 7.0, was released last month.

CSET provides a systematic, disciplined, and repeatable approach for evaluating an organization’s security posture. It is a desktop software tool that guides asset owners and operators through a step-by-step process to analyze their ICS and IT network security practices using recognized government and industry standards and recommendations.

To use the tool, select a standard and security assurance level (SAL), import or create a network diagram, then answer a series of questions about system components and architecture, as well as operational policies and procedures.

CSET compares the responses to the relevant security standards, assesses overall compliance, and provides recommendations for improving the system’s cyber security posture.

The interactive dashboard and customizable reports feature multiple charts, including standards compliance, top areas of concern, and prioritized controls based on real cyber security incident information. CSET also supports the ability to compare multiple assessments, establish a baseline, and determine trends.

New to the CSET 7.0 version:
• Additional standards:
– Cybersecurity Capability Maturity Model (C2M2), Version 1.1.
– Department of Defense (DoD) Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT).
– National Institute of Standards and Technology Interagency Report (NISTIR) 7628 Volume 1, Revision 1, Guidelines for Smart Grid Cybersecurity.
• The user interface was completely redesigned with a new, more modern look and a more intuitive layout. There are additional landing pages at each major step in the process that contain instructions to help the user understand the purpose of the associated sections.
• Improved functionality of the Questions screen:
– Increased the responsiveness when answering questions and filtering.
– Added the ability to change the Question text size for improved readability.
– Updated the Supplemental Information section for questions related to the C2M2, NRC, COR 7, and Key standards.
• Added the ability to encrypt assessment files within CSET.

CSET is free to the public.