
CSET Fact Sheet (printed 8/3/2019)
http://slidepdf.com/reader/full/cset-fact-sheet

http://www.us-cert.gov/control_systems/satool.html

Cyber Security Evaluation Tool (CSET)
Performing an Assessment

The Cyber Security Evaluation Tool (CSET) provides users with a systematic and repeatable approach for assessing the cyber security posture of their industrial control system networks. It also includes both high-level and detailed questions related to all industrial control systems (ICS).

CSET was developed under the direction of the Department of Homeland Security (DHS) Control Systems Security Program (CSSP) by cybersecurity experts with assistance from the National Institute of Standards and Technology. CSET is a desktop software tool that guides users through a step-by-step process to assess their control system network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cybersecurity posture of your organization’s ICS or enterprise network. CSET derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

CSET Assessment Process

The assessment process is accomplished by following the six steps outlined below and shown in Figure 1:

Form Team: A team is formed by selecting cross-functional resources consisting of personnel familiar with the various operational areas in your organization. For example, in the ICS environment, teams typically include representatives that are familiar with the ICS details such as senior management, operations, information technology, ICS engineers, and security (physical and cyber). Organizations may add additional team members depending on the skills and/or expertise required to complete the assessment process.

Select Standards: CSET provides a list of security standards under the “Navigation” tab within the tool. Based on the user’s selections, CSET generates questionnaires associated with these standards for use in the assessment process.

Determine Assurance Level: The Security Assurance Level (SAL) is based on the user’s answers to a series of questions related to the potential worst-case consequences of a successful cyber attack. CSET will calculate a recommended SAL for the facility or subsystem being assessed and then provide the level of security rigor needed to protect against a worst-case event. For National Institute of Standards and Technology (NIST)-based standards and guidance, CSET also supports the Federal Information Processing Standards (FIPS) 199 guidelines for determining the security categorization of a system.

[Figure 1: CSET Process Flow. Diagram of the six steps Form Team, Select Standards, Determine Assurance Levels, Analyze Network Topology, Answer Questions, and Review Reports, with the intermediate items Assessment Details, Navigation Options, Questions/Responses, Prioritized Components, Gap Analysis, and Prioritized Actions.]


Analyze Network Topology: CSET contains a graphical user interface which allows users to build the control system network topology (including criticality levels) into the CSET software. By creating a network architecture diagram which is based on components deemed critical to the organization, users are able to define the organization’s cybersecurity boundary and posture. An icon palette is provided for the various system and network components, allowing users to build a network architecture diagram by dragging and dropping components onto the screen.

Answer Questions: CSET generates questions based on the specified network topology, the SAL, and the security standards that were selected. The assessment team then selects the best answer to each question based on the system’s network configuration and implemented security practices. CSET compares the answers provided by the assessment team with the recommended security standards and generates a list of security gaps and/or recognized good practices.

Review Reports: CSET generates interactive or printed reports. The reports provide a summary of security level gaps or areas that did not meet the recommendations of the selected standards. The assessment team may then use this information to plan and prioritize mitigation strategies.
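The six steps above, tied together as an added illustrative model that is not CSET’s own code: the system is categorized with the FIPS 199 high-water mark (the only rule here taken from the standard itself), the questions that apply at that category are kept, the team’s answers are compared against them, and a prioritized list of gaps comes out. The questionnaire, the answers, the “minimum level” applicability rule, the weight-based prioritization and the control references are constructed assumptions for the example.

```python
"""Illustrative model of the CSET-style assessment flow: FIPS 199 high-water
mark categorization, question selection, answer comparison and a prioritized
gap list. Added example, not CSET's code; everything except the FIPS 199
high-water-mark rule is a constructed assumption."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# FIPS 199 impact levels in increasing order of severity.
IMPACT_ORDER = {"LOW": 1, "MODERATE": 2, "HIGH": 3}


def fips199_category(confidentiality: str, integrity: str, availability: str) -> str:
    """FIPS 199 (and FIPS 200) high-water mark: the overall security category of a
    system is the highest impact level among confidentiality, integrity and availability."""
    levels = [confidentiality.upper(), integrity.upper(), availability.upper()]
    for level in levels:
        if level not in IMPACT_ORDER:
            raise ValueError(f"unknown impact level: {level!r}")
    return max(levels, key=IMPACT_ORDER.__getitem__)


@dataclass(frozen=True)
class Question:
    qid: str
    text: str
    standard_ref: str   # control identifier the question maps to (illustrative)
    min_level: str      # lowest system category at which the question applies (assumption)
    weight: int         # constructed priority weight, higher = more urgent (assumption)


# Constructed questionnaire; control references are written in the style of
# NIST SP 800-53 control IDs and are illustrative only.
QUESTIONS: List[Question] = [
    Question("Q1", "Is traffic across the ICS network boundary restricted by a firewall?", "SC-7", "LOW", 5),
    Question("Q2", "Have default passwords been changed on all control system components?", "IA-5", "LOW", 5),
    Question("Q3", "Are audit logs from ICS components reviewed on a regular schedule?", "AU-6", "MODERATE", 3),
    Question("Q4", "Are PLC/RTU program backups tested for successful restore?", "CP-9", "MODERATE", 4),
    Question("Q5", "Does remote access to the ICS require multifactor authentication?", "IA-2", "HIGH", 4),
]

# Constructed answers from a fictional assessment team; Q4 was left unanswered.
ANSWERS: Dict[str, str] = {"Q1": "Yes", "Q2": "No", "Q3": "No", "Q5": "NA"}


def applicable_questions(questions: List[Question], category: str) -> List[Question]:
    """Keep only the questions whose minimum level is at or below the system category."""
    return [q for q in questions if IMPACT_ORDER[q.min_level] <= IMPACT_ORDER[category]]


def gap_analysis(questions: List[Question], answers: Dict[str, str],
                 category: str) -> Tuple[List[Question], List[Question]]:
    """Return (gaps, good_practices). 'Yes' is a met practice, 'NA' is skipped, and
    'No' or a missing answer is a gap. Gaps are sorted by descending weight, then by
    question id, so the team sees the most urgent item first."""
    gaps, good = [], []
    for q in applicable_questions(questions, category):
        answer = answers.get(q.qid, "Unanswered")
        if answer == "Yes":
            good.append(q)
        elif answer == "NA":
            continue
        else:
            gaps.append(q)
    gaps.sort(key=lambda q: (-q.weight, q.qid))
    return gaps, good


def run_assessment(confidentiality: str, integrity: str, availability: str,
                   questions: List[Question] = QUESTIONS,
                   answers: Dict[str, str] = ANSWERS) -> Dict[str, object]:
    """Run the steps in order and return a small report structure."""
    category = fips199_category(confidentiality, integrity, availability)
    gaps, good = gap_analysis(questions, answers, category)
    return {
        "category": category,
        "gap_ids": [q.qid for q in gaps],
        "good_ids": [q.qid for q in good],
        "actions": [f"{q.qid} ({q.standard_ref}): {q.text}" for q in gaps],
    }


if __name__ == "__main__":
    # A safety-critical ICS where integrity is rated HIGH drives the category to HIGH.
    report = run_assessment("LOW", "HIGH", "MODERATE")
    print("System category:", report["category"])
    print("Prioritized actions:")
    for line in report["actions"]:
        print("  -", line)
```

Note that an unanswered applicable question is treated as a gap rather than silently dropped, so an incomplete questionnaire cannot make the posture look better than it is; a real CSET report derives its SAL and prioritization from the tool’s own standards database, which this model does not reproduce.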

Assessment Logistics and Onsite Visits

CSSP may provide “over-the-shoulder” training and guidance to asset owners in using CSET during onsite assessments. To assist an organization in planning and organizing for an assessment using the CSET, the following actions and items are recommended:

- Identify the assessment team members and schedule a date.

- Become familiar with information about the organization’s system and network by reviewing policies and procedures, network topology diagrams, inventory lists of critical assets and components, risk assessments, IT and ICS network policies/practices, and organizational roles and responsibilities.

- Select a meeting location to accommodate the assessment team during the question and answer portion of the assessment.

- Work with CSSP for onsite or subject matter support.

Typical DHS Control Systems Security Program Onsite Assessment

An example agenda for an onsite assessment from CSSP would include the following activities:

1. ICS Awareness Briefing – 1 hour
   - Cyber security awareness briefing
   - CSET training and demonstration

2. IT and Enterprise Network Evaluation – 4 hours
   - Policies and practices evaluation
   - IT and control system interfaces
   - Network component evaluation

3. ICS Evaluation – 4 to 6 hours
   - Security Assurance Level determination
   - Network topology evaluation
   - Component questionnaire

4. Review and Wrap-up – 2 hours
   - Generate reports and review security gaps
   - Close-out briefing and recommendations

Obtaining Additional Information

To learn more about the CSET, contact cset@dhs.gov. For general program questions or comments, contact cssp@dhs.gov or visit http://www.us-cert.gov/control_systems/.

About DHS and NCSD

The Department of Homeland Security (DHS) is responsible for safeguarding our Nation’s critical infrastructure from physical and cyber threats that can affect our national security, public safety, and economic prosperity. The National Cybersecurity Division (NCSD) leads the DHS efforts to secure cyberspace and our Nation’s cyber assets and networks.
