Cyber Security Evaluation Tool

(CSET ) Version 6.2

Industrial Control Systems Cyber Emergency Response

Team (ICS-CERT)

DHS NCCIC and ICS-CERT CSET

DHS CSET 6.2 Tool

• NIST Cybersecurity Framework

• NIST 800-30

• NIST 800-53 Rev 3

• NIST 800-53 Rev 4

• NIST 800-82 Rev 2

• NIST 1108

• NISTR 7628

• NERC CIP

• More!

National Cybersecurity and

Communications Integration Center

http://www.us-cert.gov/nccic/

• Stand-alone Software application

• Self-assessment using recognized standards

• Tool for integrating cybersecurity into existing corporate risk management strategy

CSET Download:

www.ics-cert.us-cert.gov/Downloading-and-Installing-CSET

DHS CSET

Organize the TeamSelect the

Mode and

Standards

Determine

the Security

Assurance

Level

Build the

Network

Diagram

Answer

Questions

Analyze

Results

Assessment Process

Assessment Process

A TEAM of participants is required

to perform a successful assessment

Type of Participant KnowledgeControl Systems Engineer Control systems

Configuration Manager Systems management

Operations Manager Business operations

IT Network Specialist IT infrastructure

IT Security Officer Policies & procedures

Risk Analyst or Insurance Specialist Risk

CSET Home

Video Tutorials (YouTube)

Resource Library

New Assessment Form

Standards Home - Step 1 Assessment Mode

Step 2 - Questions and Standards

Step 3 - Security Assurance Level

Step 3 – General SAL

Step 3 - NIST SAL

NIST SAL Impact Levels

NIST Step 2 Information Types

CNNSI SAL

NIST Step 3 Questions

Diagram – Tools, Templates, Inventory

Diagram – Tools, Templates, Inventory

Diagram – Zones, Layers

Diagram – Components

Questions – Family, Detail, Info

Analysis - Dashboard

Analysis Detail

Analysis Detail

Reports

System Security Plan

Use Multiple Assessments

Add Assessments

Trending

Compare

Sort By Best Sort By Worst

Site Total Questions Answered Yes No

Site A 560 300 260

Site B 342 300 42

Site C 268 152 116