Definition

The Cyber Security Evaluation Tool (CSET®) provides a systematic and repeatable approach to assess the cybersecurity posture of ICS networks. CSET® is a stand-alone software tool that enables users to assess their network and ICS security practices against industry and government standards and it provides prioritized recommendations.[1]

Overview

CSET® is a self-assessment software standards application for performing cybersecurity reviews of industrial control and enterprise network systems. The tool may be used by any organization to assess the cybersecurity posture of ICS that manage a physical process or enterprise network. The tool also provides information that assists users in resolving identified weaknesses in their networks and improving their overall security posture.

CSET® provides users in all infrastructure sectors with a systematic and repeatable approach for performing assessments against multiple standards, recommended security practices, and industry requirements. CSET® provides a flexible question-and-answer format for performing assessments. Users may apply the tool to site-specific configurations, based on user-created diagrams and selection of specific standards for each assessment.

CSET® is a desktop software tool that guides users through a step-by-step question and answer process to collect facility-specific control and enterprise network information. The questions address topics such as hardware, software, administrative policies, and user obligations. After the user responds to the questions, the tool compares the information provided to relevant security standards and regulations, assesses overall compliance, and provides appropriate recommendations for improving the system's cybersecurity posture.

The tool pulls its recommendations from a database of the best available cybersecurity practices, which have been adapted specifically for application to control system and enterprise networks and components. Where appropriate, recommendations are linked to a set of prioritized actions that can be applied to remediate specific security vulnerabilities.

References

  1. Department of Homeland Security Federal Government Offerings, Products, and Services (full-text).

Source