Releases: cisagov/cset
CSET v12.2.1.0
What’s New:
- The NIST Cybersecurity Framework (CSF) 2.0: The NIST CSF provides guidance to industry, government agencies, and other organizations to reduce cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization, regardless of its size, sector, or maturity, to better understand, assess, prioritize, and communicate its cybersecurity efforts. The Framework does not prescribe how outcomes should be achieved. Rather, it maps to resources that provide additional guidance on practices and controls that could be used to achieve those outcomes. Building on previous versions, CSF 2.0 contains new features that highlight the importance of governance and supply chains.
- Cybersecurity Maturity Model Certification (CMMC) 2.0: The CMMC framework consists of the security requirements from NIST SP 800-171 Rev 2, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and a subset of the requirements from NIST SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171. The CMMC model measures the implementation of cybersecurity requirements at three levels.
- Feedback: Contact email updated to [email protected].
- GitHub: CSET downloads are now available exclusively from GitHub.
- Bug fixes and general quality of life improvements.
Algorithm: SHA256
Hash: 8361E0331069F430F69EC0BA9EA77789EB2260870C982014222437AECE6F6B73
Path: CSETStandAloneV12210.exe
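The Algorithm / Hash / Path fields published with each release have the same shape as the output of PowerShell's `Get-FileHash`, so a downloaded installer can be checked against them before it is run. The following is an added example, not part of the CSET release notes or the project's own tooling; the function name `Test-ReleaseHash` and the download location are assumptions.

```powershell
# Added example: compare a downloaded installer with the SHA256 value
# published in the release notes. Function name and download path are
# assumptions; the expected hash is the v12.2.1.0 value from this page.
function Test-ReleaseHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedHash
    )

    # Normalise the published value: strip whitespace and ignore case
    # (some releases on this page list the hash in lowercase).
    $expected = ($ExpectedHash -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw "Expected value is not a 64-character SHA256 hex string."
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Get-FileHash returns an object with Algorithm, Hash and Path properties.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path     = $Path
        Expected = $expected
        Actual   = $actual
        Match    = ($actual -eq $expected)
    }
}

$result = Test-ReleaseHash `
    -Path "$env:USERPROFILE\Downloads\CSETStandAloneV12210.exe" `
    -ExpectedHash '8361E0331069F430F69EC0BA9EA77789EB2260870C982014222437AECE6F6B73'

$result | Format-List
if (-not $result.Match) {
    throw "SHA256 mismatch: do not run this installer."
}
```

A matching hash shows only that the file is identical to the one the hash was computed from; it is meaningful when the expected value is read from the release page itself rather than from the same place the file was obtained.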
CSET v12.1.2.0
What's New:
- This version of CSET contains better handling of the version column to support international users' import / export functionality.
Algorithm: SHA256
Hash: 402887EE204595B8BB1E24D7CA1B4DB0C1BB256F808A9DC2C13E81FE0D94AC32
Path: CSETStandAlone.exe
CSET v12.0.3.2
What's New:
- CSET version 12 includes the Incident Management Review (IMR) module. The IMR is based on the principle that a resilient incident management function can improve an organization's overall cyber resilience. The IMR consists of a series of questions, the answers to which provide insights into how an organization can improve its ability to identify, analyze, and respond to incidents in a repeatable manner.
Algorithm: SHA256
Hash: 2C7BF3FBF26C3B8767CFD0D2CAB2BD5C1CDEEC030112BF6B2E1C3846DC8A3FDF
Path: CSETStandAlone.exe
CSET v11.5.1.0
What's New:
- Installation media now includes SQL Server LocalDB 2022 (up from 2019).
- Bug fixes and general quality of life improvements.
Algorithm: SHA256
Hash: 3B7FD0F00F77B19D780D036C080EA2EB8C1FA69C6E20883AFE08899F0F13219E
Path: CSETStandAlone.exe
CSET v11.5.0.0
What's New:
- Cybersecurity Performance Goals (CPG) 1.0.1: The CPGs are a prioritized subset of IT and operational technology (OT) cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques. The goals were informed by existing cybersecurity frameworks and guidance, as well as the real-world threats and adversary tactics, techniques, and procedures (TTPs) observed by CISA and its government and industry partners. This assessment is intended to help organizations determine the extent to which they have implemented the Goals, and to aid in identifying areas for potential future investment.
- Minimum Viable Resilience Assessment (MVRA): MVRA assesses the critical service or services that are essential to the success of an organization’s mission and that, if disrupted, would severely impact the organization’s operations or business. To accomplish this, an MVRA focuses on the Information Technology (IT) and Operational Technology (OT) used to deliver or secure the critical service. The assessment’s risk-informed approach centers on cybersecurity “capabilities” that the assessed entity and relevant systems must implement successfully to maintain resilience to cyber-attacks. Subjects of the review include people (staffing), technology, information, and facilities, as appropriate.
- Land Mobile Radio (LMR) Rapid Assessment: This module is designed to assist system owners in assessing key aspects of an LMR system’s current cybersecurity status based on a subset of NIST SP 800-53 “Security and Privacy Controls for Information Systems and Organizations”. It provides guidance on responding to the control questions so that an LMR system owner can gain insights into the cybersecurity status of their LMR system and identify measures for improvement.
- HHS 405(d): The HHS 405(d) Program was established in response to the Cybersecurity Act of 2015. Under section 405(d), HHS convened the CSA 405(d) Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led cybersecurity guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use.
- Gallery View: Updated the Assessment page to be easier to use and more intuitive. This simple design should allow users to quickly navigate to the assessments that they are interested in.
- Bug fixes and general quality of life improvements.
- General screenshot updates for help material.
Algorithm: SHA256
Hash: B9B98AF0CB8AFBC73FCBFEE96C379C904628879B177B13EE669909065E5F4344
Path: CSETStandAlone.exe
CSET v11.2.0.0
What's new:
- Updated Assessment Configuration Category selection screen: Assessment Categories selection screen provides dedicated categories to showcase the three major CSET offerings to the user: Cybersecurity Assessment Module (Maturity Models/Best Practices), Standard-Based Assessment, and Network Diagram (assessments are now streamlined to use a single category).
- Module Content Report: Content feature added to the Tools menu; offers convenient sharing of assessment/module builder content during the editing process while using the module builder function.
- CISA Cyber Infrastructure Survey (CIS): An interactive assessment module that allows a user to compare their current assessment against a baseline. CIS is available in the Cybersecurity Assessment Module category under the "Critical Infrastructure" section.
- Bug fixes and general quality of life improvements.
- General screenshot updates for help material.
Algorithm: SHA256
Hash: 4366b00c50c25eb094d2aba571afb799ee38bba7f85f204ed98cfa0591560685
Path: CSETStandAlone.exe
CSET v11.0.1.3
- Improvements made to the stability of standalone installations.
- CSET Standalone is now running within Electron v17
NOTE: For users that have had issues running CSET Standalone v11.0.0.0 and greater, be sure to delete any corrupted database files in the version folders under the local user AppData directory (the path will look similar to C:\Users\%USERNAME%\AppData\Local\DHS\CSET) prior to installation. The application will detach any deleted databases and provide a clean database (or attempt an upgrade if an older CSET database is detected on the system; this process will migrate any existing assessments to the currently installed version).
Algorithm: SHA256
Hash: AFCB4D44F0E6B152C1569993856F29E7592A82FE7F1C23850BDD31C4B4E7DE02
Path: CSETStandAloneV11013.exe
Enterprise CSET v11.0.1.2
Hotfix release to allow for enterprise installations on Windows Server.
CSET is now running on .NET 6.
The enterprise installation is now automated through the use of a PowerShell script called setup_enterprise.ps1, located in the enterprise binaries zip folder. This script will install SQL Server Express 2019, IIS, and the .NET 6 Hosting Bundle. The script will wait for each installation window to be closed before proceeding.
NOTE: Make sure to execute the script from a PowerShell terminal with administrator privileges.
CSET v11.0.1.0
This is a bug fix release for CSET v11.0.0.0.
Users are now able to install CSET on Windows Server 2016.
Algorithm: SHA256
Hash: A4EBDDFF9064ADFEE7CB8A642DD7C1190E3C11795C37D2BB7F58196E65E356E1
Path: CSETStandAloneV11010.exe
CSET v11.0.0.0
Version 11.0 is a major update to CSET. It now runs on the .NET Core 5.0 Framework, with future versions to come out on OSX and Linux. The MSSQL version has been updated to the latest available, and in desktop mode it runs independently of the browser or IIS Express.
The 11.0 release of CSET includes CRR and updated CMMC 2.0.
Cyber Resilience Review (CRR):
The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as a facilitated assessment. The CRR assesses enterprise programs and practices across a range of ten domains including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices.
Added updates to standards:
• Draft CMMC 2.0
• TSA Pipeline Security Guidelines
• NIST 800-53 R5