CSET 1.0.0 Release Notes

Jason Kuipers edited this page Jul 21, 2021 · 3 revisions

CSET 1.0.0

Planned release in August 2009

New Features and Enhancements 🆕

  • Requirements from the Catalog of Control Systems Security: Recommendations for Standards Developers were added to the tool under the tab labeled Global. CSET includes Global 2008 and the newly created 2009 versions. Previously known as COR, these requirements present a compilation of practices that various industry bodies have recommended to increase the security of control systems from both physical and cyber attacks.
  • Question sets were added for NIST SP800-53 Revision 3 (Final Public Draft) and NIST SP800-82, Revision 0 standards.
  • The drawing tool was improved to include component labeling. The attributes of the text (character, size, bold, etc.) may be modified by the user. Other drawing tool improvements include the addition of “Snap to Grid” functionality and size adjustment to allow the diagram to be printed on multiple paper sizes.
  • Functionality previously found in the CSVA tool for business cyber systems was incorporated into CSET. This allows the user to complete a vulnerability assessment on ten key areas based on international, audit community, and federal government standards and guidelines. The related printed report sections present assessment results ordered by vulnerability severity.
  • CSET now provides two options for determining the security levels associated with all revisions of NIST SP800-53 and the Global Assessments. If the user is familiar with NIST SP800-60 and FIPS 199 criteria, he/she may assign the Confidentiality, Integrity, and Availability levels directly. Otherwise, a new question set guides the user through a series of questions developed to calculate the security levels. The user may override the calculated levels if desired.
  • Standards mapping has been introduced in CSET. This allows the user to transfer the answers from one standard to another if the question and answer sets are comparable between the standards. This saves significant time and effort, because the user does not have to answer the same questions multiple times when completing questions from similar standards or multiple revisions of the same standard.

Issues:

  • Large reports created in Rich Text Format (RTF) may not display correctly in Microsoft Word. It is recommended that smaller sub-reports be created instead of one large report. The problem is seen in reports larger than about 400 pages.