CISA Adds Ransomware Module to Cyber Security Evaluation Tool

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the release of a new module for its Cyber Security Evaluation Tool (CSET), namely the Ransomware Readiness Assessment (RRA).

A Department of Homeland Security (DHS) product, CSET was designed to help organizations assess their security posture, and is applicable to both IT and industrial control system (ICS) networks.

CSET includes a series of requirement questionnaires derived from recognized government and industry standards and can output a list of recommendations that should help organizations improve the security of their networks, in line with best cybersecurity standards, guidelines, and practices.

The new Ransomware Readiness Assessment (RRA) module gets defenders through a step-by-step process to assess their threat readiness in respect to ransomware attacks.

“The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident,” CISA explains.

The tool was crafted for several different levels of ransomware threat readiness, so that all types of organizations can use it, regardless of their current preparedness or cybersecurity maturity.

The RRA offers ransomware threat readiness evaluation in a systematic, disciplined, and repeatable manner, helps assess both operational technology (OT) and IT network security practices, and delivers an analysis dashboard with graphs and tables to view assessment results.

Related: CISA Announces Vulnerability Disclosure Policy Platform

Related: CISA Issues MITRE ATT&CK Mapping Guide for Threat Intelligence Analysts

Related: U.S. Department of State Approves New Cyberspace Security Bureau