CSET

简介

cset_banner_noVersion
CSET(Cyber Security Evaluation Tool)是来自美国国土安全部的一个网络安全评估工具,该工具支持多个安全标准如NIST信息安全标准NIST SP800-53和工业控制系统安全标准NIST SP800-82,NERC CIP以及国防部DOD Instruction 8500.2等。软件主要根据当前所选择的标准,通过问答的方式给出评估报告以及合理建议,可以很好的用来学习安全标准和风险评估。

使用指南

目前CSET的最新版本为6.0,软件安装时对系统有如下要求

In order to execute CSET, the following minimum system hardware and software is required:
Pentium dual core 2.2 GHz processor (Intel x86 compatible)
CD-ROM drive if creating a physical CD
2 GB free disk space
3 GB of RAM
Microsoft Windows 7* or higher
Microsoft Office compatible (.doc or .docx) document reader
Microsoft Visio 2007 or 2010 is required if Visio is the preferred tool to create or revise the network diagram. Visio 2013 is not currently supported
Microsoft Excel is required to open the network diagram inventory list
A Portable Document Format (PDF) reader such as Adobe Reader is required to view supporting documentation such as the standards; the latest version of Adobe Reader may be downloaded free from http://www.adobe.com/products/
CSET installs the Microsoft .NET Framework 4.5 Full Runtime, if required.
*It is highly recommended that Windows be fully patched through Windows Update.

软件截图

CSET1
CSET2
CSET3
CSET4
CSET5
CSET6

官方链接

Download CSET here
Cyber Security Evaluation Tool (CSET) Fact Sheet
Cyber Resilience Review and CSET Fact Sheet

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

最新工业控制系统漏洞

ICS-CERT Advisory Feed
Advantech WebAccess

This advisory includes mitigations for stack-based buffer overflow, external control of file name or path, improper privilege management, and path tra. . . read more Tue, 23 Oct 2018 10:10:09 EDT

GAIN Electronic Co. Ltd SAGA1-L Series

This advisory includes mitigations for authentication bypass by capture-relay, improper access control, and improper authentication vulnerabilities in. . . read more Tue, 23 Oct 2018 10:05:48 EDT

Telecrane F25 Series

This advisory includes mitigations for an authentication bypass by capture-replay vulnerability in the Telecrane F25 Series software.. . . read more Tue, 23 Oct 2018 10:00:54 EDT

Omron CX-Supervisor

This advisory includes mitigations for improper restriction of operations within the bounds of a memory buffer, out-of-bounds read, use-after-free, an. . . read more Wed, 17 Oct 2018 08:55:45 EDT

LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA

This advisory includes mitigations for untrusted pointer dereference, out-of-bounds read, integer overflow to buffer overflow, path traversal, out-of-. . . read more Tue, 16 Oct 2018 14:44:39 EDT

NUUO NVRmini2 and NVRsolo

This advisory includes mitigations for stack-based buffer overflow and leftover debug code vulnerabilities in NUUO's NVRmini2 and NVRsolo network. . . read more Thu, 11 Oct 2018 10:10:11 EDT

NUUO CMS

This advisory includes mitigations for use of insufficiently random values, use of obsolete function, incorrect permission assignment for critical res. . . read more Thu, 11 Oct 2018 10:05:11 EDT

Delta Industrial Automation TPEditor

This advisory includes mitigations for out-of-bounds write and stack-based buffer overflow vulnerabilities in the Delta Industrial Automation TPEditor. . . read more Thu, 11 Oct 2018 10:00:20 EDT

GE iFix

This advisory includes mitigations for an unsafe ActiveX control marked safe for scripting vulnerability in a Gigasoft component affecting GE’s iFix. . . read more Tue, 09 Oct 2018 10:30:34 EDT

Siemens SCALANCE W1750D

This advisory includes mitigations for a cryptographic issues vulnerability in Siemens' SCALANCE W1750D direct access point hardware.. . . read more Tue, 09 Oct 2018 10:25:37 EDT

Siemens ROX II

This advisory includes mitigations for improper privilege management vulnerabilities in the Siemens ROX II products.. . . read more Tue, 09 Oct 2018 10:20:19 EDT

Siemens SIMATIC S7-1200 CPU Family Version 4

This advisory includes mitigations for a cross-site request forgery vulnerability in the Siemens SIMATIC S7-1200 CPU products.. . . read more Tue, 09 Oct 2018 10:15:18 EDT

Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller

This advisory includes mitigations for a denial of service from improper input validation vulnerability in the Siemens SIMATIC S7-1500, SIMATIC S7-150. . . read more Tue, 09 Oct 2018 10:10:22 EDT

Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server

This advisory includes information on the predictable from observable state, hidden functionality, and missing encryption of sensitive data vulnerabil. . . read more Tue, 09 Oct 2018 10:05:48 EDT

Fuji Electric Energy Savings Estimator

This advisory includes mitigations for an uncontrolled search path element (DLL Hijacking) vulnerability in the Fuji Electric Energy Savings Estimator. . . read more Tue, 09 Oct 2018 10:00:12 EDT

Carestream Vue RIS

This advisory includes mitigations for an information exposure through an error message vulnerability in the Carestream Vue RIS, a web-based radiology. . . read more Thu, 04 Oct 2018 10:10:11 EDT

Change Healthcare PeerVue Web Server

This advisory includes mitigations for an information exposure through an error message vulnerability in the Change Healthcare PeerVue Web Server.. . . read more Thu, 04 Oct 2018 10:05:49 EDT

WECON PI Studio

This advisory includes information on stack-based buffer overflow, out-of-bounds write, and out-of-bounds read vulnerabilities in WECON’s PI Studio. . . read more Thu, 04 Oct 2018 10:00:35 EDT

Delta Electronics ISPSoft

This advisory includes mitigations for a stack-based buffer overflow vulnerability in the Delta Electronics ISPSoft software.. . . read more Tue, 02 Oct 2018 10:10:16 EDT

GE Communicator

This advisory includes mitigations for a heap-based buffer overflow vulnerability in GE's Communicator, an application for programming and monito. . . read more Tue, 02 Oct 2018 10:05:06 EDT