Introduction
CSET is a desktop software tool that guides asset owners and operators through a consistent process for evaluating control system networks as part of a comprehensive cybersecurity assessment that uses recognized government and industry standards and recommendations. The output from CSET is a prioritized list of recommendations for improving the cybersecurity posture of the organization’s enterprise and industrial control cyber systems. The tool derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls. [1]
CSET Benefits
- CSET contributes to an organization’s risk management and decision-making process
- Raises awareness and facilitates discussion on cybersecurity within the organization
- Highlights vulnerabilities in the organization’s systems and provides recommendations on ways to address the vulnerabilit
- Identifies areas of strength and best practices being followed in the organization
- Provides a method to systematically compare and monitor improvement in the cyber systems
- Provides a common industry-wide tool for assessing cyber systems
Version 9.0 Update
CSET 9.2 includes the following feature enhancements and upgrades: [2]
- Web-based diagram editor
- Enhanced reporting
- New capability maturity model for financial sector customers
- National Credit Union Administration (NCUA) Automated Cybersecurity Examination Tool (ACET) Standard
- Financial sector risk assessment wizard
- New analysis for network diagram questions
- Transportation Security Administration (TSA) 2018 Pipeline security standard
- International Society of Automation (ISA)/International Electrotechnical Commission (IEC) 62443 standards
CDSBureau encourages users to update to CSET version 9.2, available at https://github.com/cisagov/cset/wiki.
[1] https://cset.inl.gov/SitePages/Home.aspx[2] https://www.us-cert.gov/ncas/current-activity/2019/11/04/cset-version-92-now-available