Today the DHS ICS-CERT published an announcement that they
have released version 7.1 of their Cyber Security Evaluation Tool (CSET). This
marks a change in that in recent years the new version updates have only been
announced in the next ICS-CERT Monitor.
According to the release notes the new version of the CSET
includes:
• NIST SP800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations was added to CSET;
• NERC CIP compliance risk based priority list;
• Enhanced dashboard;
• Requirements organized according to standard: eg NERC CIP, CFATS, etc (including standards numbering scheme);
• Custom parameter values; and
• Doubled number of network components for network diagrams
There is no indication whether or not the CSAT standards
have been updated with the specific requirements from the Chemical Facility
Anti-Terrorism Standards (CFATS) Expedited Approval Program. The EAP process specifies particular security controls instead of the more general Risk Based Performance Standards used for the majority of Site Security Plans.
It does not look like the CSET
Fact Sheet was updated for the new version of CSET since the Standards list
does not include the new SP800-161 and it includes an old-style (2014) DHS
email address for CSET.
The CSET
Downloading and Installing web page was, however, updated as you can
clearly see where they changed the CSET_x.x.iso to CSET_7.1.iso. It would have
helped, though, if they had removed the old instructions for the ‘x.x’
situation.
It does appear that the old options for either downloading
the CSET or requesting a disc from ICS-CERT remain in effect. Organizations
also still have the option of running the CSET evaluation themselves or
requesting an ICS-CERT team to help them with the process.