DHS ICS-CERT has released a new version of its free Cyber Security Evaluation Tool (CSET), CSET 7.1. CSET is a desktop software tool that organizations with industrial control systems (ICS) can use to provide a “systematic, disciplined, and repeatable approach” for evaluating its cybersecurity. It allows users to compare their IT and ICS security against recognized standards.
The new version:
- Incorporates supply chain management controls from NIST’s Supply Chain Risk Management Practices for Federal Information Systems and Organizations (NIST SP800-161).
- Incorporates the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Violation Risk Factors, to provide a priority ranked list of an asset owner’s NERC-CIP controls.
- Enhances the gaps analysis dashboard, providing additional information, simplifying navigation and improving access to detail charts.
- Presents questions and requirements in the order used by the standards that the organization is comparing itself against.
- Includes stencils for ICS, IT, medical, and emergency management radio components.
CSET is distributed freely to the public. For more information and to download the tool, visit https://ics-cert.us-cert.gov/Assessments.