CSET

简介

cset_banner_noVersion
CSET(Cyber Security Evaluation Tool)是来自美国国土安全部的一个网络安全评估工具,该工具支持多个安全标准如NIST信息安全标准NIST SP800-53和工业控制系统安全标准NIST SP800-82,NERC CIP以及国防部DOD Instruction 8500.2等。软件主要根据当前所选择的标准,通过问答的方式给出评估报告以及合理建议,可以很好的用来学习安全标准和风险评估。

使用指南

目前CSET的最新版本为6.0,软件安装时对系统有如下要求

In order to execute CSET, the following minimum system hardware and software is required:
Pentium dual core 2.2 GHz processor (Intel x86 compatible)
CD-ROM drive if creating a physical CD
2 GB free disk space
3 GB of RAM
Microsoft Windows 7* or higher
Microsoft Office compatible (.doc or .docx) document reader
Microsoft Visio 2007 or 2010 is required if Visio is the preferred tool to create or revise the network diagram. Visio 2013 is not currently supported
Microsoft Excel is required to open the network diagram inventory list
A Portable Document Format (PDF) reader such as Adobe Reader is required to view supporting documentation such as the standards; the latest version of Adobe Reader may be downloaded free from http://www.adobe.com/products/
CSET installs the Microsoft .NET Framework 4.5 Full Runtime, if required.
*It is highly recommended that Windows be fully patched through Windows Update.

软件截图

CSET1
CSET2
CSET3
CSET4
CSET5
CSET6

官方链接

Download CSET here
Cyber Security Evaluation Tool (CSET) Fact Sheet
Cyber Resilience Review and CSET Fact Sheet

Leave a Reply

Your email address will not be published. Required fields are marked *

最新工业控制系统漏洞

ICS-CERT Advisory Feed
Delta Electronics Delta Industrial Automation COMMGR

This advisory includes mitigations for a stack-based buffer overflow vulnerability in the Delta Electronics Delta Industrial Automation COMMGR softwar. . . read more Thu, 21 Jun 2018 10:00:42 EDT

Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix

This advisory includes mitigation recommendations for an improper input validation vulnerability reported in Rockwell Automation Allen-Bradley Compact. . . read more Thu, 21 Jun 2018 09:55:36 EDT

Natus Xltek NeuroWorks

This medical device advisory includes mitigations for stack-based buffer overflow and out-of-bounds read vulnerabilities in the Natus Xltek NeuroWorks. . . read more Thu, 14 Jun 2018 12:05:47 EDT

Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C

This advisory includes mitigation recommendations for a permissions, privileges, and access controls vulnerability reported in Siemens SCALANCE X swit. . . read more Thu, 14 Jun 2018 10:10:00 EDT

Schneider Electric U.motion Builder

This advisory includes mitigations for a command injection, cross-site scripting, and improper input validation vulnerabilities in the Schneider Elect. . . read more Tue, 12 Jun 2018 14:31:11 EDT

Siemens SCALANCE X Switches

This advisory includes mitigation recommendations for a cross-site scripting vulnerability reported in Siemens SCALANCE X switches.. . . read more Tue, 12 Jun 2018 11:28:10 EDT

Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway

This advisory contains mitigation recommendations for an unquoted search path or element vulnerability in the Rockwell Automation RSLinix Classic soft. . . read more Thu, 07 Jun 2018 11:55:09 EDT

Philips' IntelliVue Patient and Avalon Fetal Monitors

This medical device advisory includes mitigations for improper authentication, information exposure, and stack-based buffer overflow vulnerabilities i. . . read more Tue, 05 Jun 2018 10:05:11 EDT

ABB IP Gateway

This advisory contains mitigation recommendations for improper authentication, cross-site request forgery, and unprotected storage of credentials vuln. . . read more Tue, 05 Jun 2018 10:00:07 EDT

Delta Industrial Automation DOPSoft

This advisory contains mitigation recommendations for out-of-bounds read, heap-based buffer overflow, and stack-based buffer overflow vulnerabilities. . . read more Thu, 31 May 2018 10:10:11 EDT

GE MDS PulseNET and MDS PulseNET Enterprise

This advisory includes mitigations for improper authentication, improper restriction of XML external entity reference ('XXE'), and relative. . . read more Thu, 31 May 2018 10:05:11 EDT

Yokogawa STARDOM Controllers

This advisory includes mitigations for a hard-coded credentials vulnerability in the Yokogawa STARDOM Controller products.. . . read more Thu, 31 May 2018 10:00:11 EDT

BeaconMedaes TotalAlert Scroll Medical Air Systems

This medical device advisory includes mitigations for improper access controls, insufficiently protected credentials, and unprotected storage of crede. . . read more Thu, 24 May 2018 10:05:11 EDT

Schneider Electric Floating License Manager

This advisory includes mitigations for heap-based buffer overflow, improper restriction of operations within the bounds of a memory buffer, and open r. . . read more Thu, 24 May 2018 10:00:05 EDT

BD Kiestra and InoquIA Systems

This medical device advisory includes mitigations for vulnerabilities in which the product user interface does not warn the user of unsafe actions in. . . read more Tue, 22 May 2018 10:05:00 EDT

Martem TELEM-GW6/GWM (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-18-142-01 Martem TELEM-GW6/GWM that was published May 22, 2018, on the NCCIC. . . read more Tue, 22 May 2018 10:00:00 EDT

Medtronic N'Vision Clinician Programmer

This medical advisory includes mitigations for a missing encryption of sensitive data vulnerability in Medtronic's N'Vision Clinician Progra. . . read more Thu, 17 May 2018 10:25:01 EDT

GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi

This advisory includes mitigations for an improper input validation vulnerability in the GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CP. . . read more Thu, 17 May 2018 10:15:17 EDT

PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series

This advisory includes mitigations for command injection, information exposure, and stack-based buffer overflow vulnerabilities in the PHOENIX CONTACT. . . read more Thu, 17 May 2018 10:10:01 EDT

Siemens SIMATIC S7-400 CPU

This advisory includes mitigations for an improper input validation vulnerability in the Siemens SINAMIC S7-400 CPU.. . . read more Thu, 17 May 2018 10:05:14 EDT