CSET 7.1 Released – Some Updated Features
- CSET Tools, cyber security evaluation tools
ICS-CERT released the latest version of its Cyber Security Evaluation Tool (CSET), CSET 7.1, in February 2016. CSET provides a systematic, disciplined, and repeatable approach for evaluating an organization’s cybersecurity posture.
CSET is a desktop software tool that guides asset owners and operators through a step-by-step process to analyze their ICS and IT network security practices using many recognized government and industry standards and recommendations.
- NIST SP800-161. This standard in- troduces supply chain management controls to CSET.
- NERC CIP Compliance Risk Based Priority List. Using the NERC CIP Violation Risk Factors, CSET 7.1 provides a priority ranked list of
an asset owner’s NERC-CIP con- trols based on assessment question answers and the assessor selection of questions or requirements.
- Enhanced Dashboard. The gaps
analysis dashboard has been redesigned and now includes addi- tional information and simpli ed navigation, improving access to detail charts.
- Requirements organized according to standard. When working with a single standard in the new CSET, users can see the questions and requirements presented in the order of the standard. Control identi ers are also based on the identi er used in the standard (e.g., AC-2) as opposed to arbitrary numbering. With this new version, users can perform text searches directly on the question screen, as well as sort and reorder questions based on how they apply to different standards.
- Custom Parameter Values. Users can now enter custom parameter values for standards with requirements that include parameters. Several standards allowed individual organizations to de ne their own time frequency or role de nitions for some controls. These parameter values can be cus- tomized and stored in CSET 7.1.
- Doubled Number of Network Components. The number of network components has been doubled in Version 7.1. CSET 7.1 includes stencils for ICS, IT, medical, and emergency management radio components.
CSET is distributed freely to the public. For additional information on CSET or to download a copy, go to https://www.us-cert.gov/forms/csetisoassessments. To report a problem or request a new feature, go to http://cset.inl.gov.
Original source can be found in ICS-CERT Monitor January – February 2016