8/3/2019 CSET Fact Sheet
http://slidepdf.com/reader/full/cset-fact-sheet 1/2
http://www.us-cert.gov/control_systems/satool.html
Cyber Security Evaluation Tool (CSET): Performing an Assessment
The Cyber Security Evaluation Tool (CSET) provides users with a systematic and repeatable approach for assessing the cyber security posture of their industrial control system networks. It also includes both high-level and detailed questions related to all industrial control systems (ICS).
CSET was developed under the direction of the Department of Homeland Security (DHS) Control Systems Security Program (CSSP) by cybersecurity experts with assistance from the National Institute of Standards and Technology. CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cybersecurity posture of your organization’s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.
CSET Assessment Process
The assessment process is accomplished by following the six steps outlined below and shown in Figure 1:
Form Team: A team is formed by selecting cross-functional resources consisting of personnel familiar with the various operational areas in your organization. For example, in the ICS environment, teams typically include representatives that are familiar with the ICS details such as senior management, operations, information technology, ICS engineers, and security (physical and cyber). Organizations may add additional team members depending on the skills and/or expertise required to complete the assessment process.
Select Standards: CSET provides a list of security standards under the “Navigation” tab within the tool. Based on the user’s selections, CSET generates questionnaires associated with these standards for use in the assessment process.
Determine Assurance Level: The Security Assurance Level (SAL) is based on the user’s answers to a series of questions related to the potential worst-case consequences of a successful cyber attack. CSET will calculate a recommended SAL for the facility or subsystem being assessed and then provide the level of security rigor needed to protect against a worst-case event. For National Institute of Standards and Technology (NIST)-based standards and guidance, CSET also supports the Federal Information Processing Standards (FIPS) 199 guidelines for determining the security categorization of a system.
Figure 1: CSET Process Flow (steps: Form Team, Select Standards, Determine Assurance Levels, Analyze Network Topology, Answer Questions, Review Reports; intermediate artifacts: Assessment Details, Navigation Options, Questions/Responses, Prioritized Components, Gap Analysis, Prioritized Actions)
Analyze Network Topology: CSET contains a graphical user interface which allows users to build the control system network topology (including criticality levels) into the CSET software. By creating a network architecture diagram which is based on components deemed critical to the organization, users are able to define the organization’s cybersecurity boundary and posture. An icon palette is provided for the various system and network components, allowing users to build a network architecture diagram by dragging and dropping components onto the screen.
Answer Questions: CSET generates questions based on the specified network topology, the SAL, and the security standards that were selected. The assessment team then selects the best answer to each question based on the system’s network configuration and implemented security practices. CSET compares the answers provided by the assessment team with the recommended security standards and generates a list of security gaps and/or recognized good practices.
Review Reports: CSET generates interactive or printed reports. The reports provide a summary of security level gaps or areas that did not meet the recommendations of the selected standards. The assessment team may then use this information to plan and prioritize mitigation strategies.
Assessment Logistics and Onsite Visits
CSSP may provide “over-the-shoulder” training and guidance to asset owners in using CSET during onsite assessments. To assist an organization in planning and organizing for an assessment using the CSET, the following actions and items are recommended:
Identify the assessment team members and schedule a date.
Become familiar with information about the organization’s system and network by reviewing policies and procedures, network topology diagrams, inventory lists of critical assets and components, risk assessments, IT and ICS network policies/practices, and organizational roles and responsibilities.
Select a meeting location to accommodate the assessment team during the question and answer portion of the assessment.
Work with CSSP for onsite or subject matter support.
Typical DHS Control Systems Security Program Onsite Assessment
An example agenda for an onsite assessment from CSSP would include the following activities:
1. ICS Awareness Briefing – 1 hour
   Cyber security awareness briefing
   CSET training and demonstration
2. IT and Enterprise Network Evaluation – 4 hours
   Policies and practices evaluation
   IT and control system interfaces
   Network component evaluation
3. ICS Evaluation – 4 to 6 hours
   Security Assurance Level determination
   Network topology evaluation
   Component questionnaire
4. Review / Wrap-up – 2 hours
   Generate reports and review security gaps
   Close-out briefing and recommendations
Obtaining Additional Information
To learn more about the CSET, contact [email protected]. For general program questions or comments, contact [email protected] or visit http://www.us-cert.gov/control_systems/.
About DHS and NCSD
The Department of Homeland Security (DHS) is responsible for safeguarding our Nation’s critical infrastructure from physical and cyber threats that can affect our national security, public safety, and economic prosperity. The National Cybersecurity Division (NCSD) leads the DHS efforts to secure cyberspace and our Nation’s cyber assets and networks.