Connect with us

Hi, what are you looking for?


Malware & Threats

CISA Adds Ransomware Module to Cyber Security Evaluation Tool

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the release of a new module for its Cyber Security Evaluation Tool (CSET), namely the Ransomware Readiness Assessment (RRA).

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the release of a new module for its Cyber Security Evaluation Tool (CSET), namely the Ransomware Readiness Assessment (RRA).

A Department of Homeland Security (DHS) product, CSET was designed to help organizations assess their security posture, and is applicable to both IT and industrial control system (ICS) networks.

CSET includes a series of requirement questionnaires derived from recognized government and industry standards and can output a list of recommendations that should help organizations improve the security of their networks, in line with best cybersecurity standards, guidelines, and practices.

The new Ransomware Readiness Assessment (RRA) module gets defenders through a step-by-step process to assess their threat readiness in respect to ransomware attacks.

“The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident,” CISA explains.

The tool was crafted for several different levels of ransomware threat readiness, so that all types of organizations can use it, regardless of their current preparedness or cybersecurity maturity.

The RRA offers ransomware threat readiness evaluation in a systematic, disciplined, and repeatable manner, helps assess both operational technology (OT) and IT network security practices, and delivers an analysis dashboard with graphs and tables to view assessment results.

Advertisement. Scroll to continue reading.

Related: CISA Announces Vulnerability Disclosure Policy Platform

Related: CISA Issues MITRE ATT&CK Mapping Guide for Threat Intelligence Analysts

Related: U.S. Department of State Approves New Cyberspace Security Bureau

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.