cyber security evaluation tool (cset ) version...
TRANSCRIPT
Cyber Security Evaluation Tool
(CSET ) Version 6.2
Industrial Control Systems Cyber Emergency Response
Team (ICS-CERT)
DHS NCCIC and ICS-CERT CSET
DHS CSET 6.2 Tool
• NIST Cybersecurity Framework
• NIST 800-30
• NIST 800-53 Rev 3
• NIST 800-53 Rev 4
• NIST 800-82 Rev 2
• NIST 1108
• NISTR 7628
• NERC CIP
• More!
National Cybersecurity and
Communications Integration Center
http://www.us-cert.gov/nccic/
• Stand-alone Software application
• Self-assessment using recognized standards
• Tool for integrating cybersecurity into existing corporate risk management strategy
CSET Download:
www.ics-cert.us-cert.gov/Downloading-and-Installing-CSET
DHS CSET
Organize the TeamSelect the
Mode and
Standards
Determine
the Security
Assurance
Level
Build the
Network
Diagram
Answer
Questions
Analyze
Results
Assessment Process
Assessment Process
A TEAM of participants is required
to perform a successful assessment
Type of Participant KnowledgeControl Systems Engineer Control systems
Configuration Manager Systems management
Operations Manager Business operations
IT Network Specialist IT infrastructure
IT Security Officer Policies & procedures
Risk Analyst or Insurance Specialist Risk
CSET Home
Video Tutorials (YouTube)
Resource Library
New Assessment Form
Standards Home - Step 1 Assessment Mode
Step 2 - Questions and Standards
Step 3 - Security Assurance Level
Step 3 – General SAL
Step 3 - NIST SAL
NIST SAL Impact Levels
NIST Step 2 Information Types
CNNSI SAL
NIST Step 3 Questions
Diagram – Tools, Templates, Inventory
Diagram – Tools, Templates, Inventory
Diagram – Zones, Layers
Diagram – Components
Questions – Family, Detail, Info
Analysis - Dashboard
Analysis Detail
Analysis Detail
Reports
System Security Plan
Use Multiple Assessments
Add Assessments
Trending
Compare
Sort By Best Sort By Worst
Site Total Questions Answered Yes No
Site A 560 300 260
Site B 342 300 42
Site C 268 152 116