CSET 6.0.0 Release Notes

CSET 6.0.0

Planned release on February 2014

New Features and Enhancements 🆕

• The ability to work with more than one assessment at once was added. It is called Aggregation. There are three types of aggregation as discussed below: Trend, Compare, and Merge. The analysis resultof Trend and Compare is a report. The result of the Merge function is a new assessment.
  • Trend shows cumulative changes to a facility over time by analyzing several assessments of the same facility completed, say, annually. Analysis results include a display of the overall compliance by percent ranged over the time period covered by the loaded assessments, compliance of each assessment by security area, and the top five most and least improved security topic areas.
  • Compare looks at multiple assessments to determine their strengths and weaknesses and creates a summary compliance report. This would be helpful for a facility consisting of several sites, each with their own completed assessment. Analysis results include an overall compliance summary by standard and component answers and broken out by security area, a list of commonly missed questions, a comparison of compliance by the individual assessmentsby standard and component answers and by security area, and a display of the percent of each answer option by assessment and security area ordered as best to worst compliance.
  • Merge joins several partial assessment files into a cohesive whole in the case where, for example, members of the assessment team were each assigned a portion of the assessment and each created an incomplete or partial assessment file. Choosing this option creates a new, single assessment file which can be opened and edited in CSET.
• Usability of the network diagram interface was improved by streamlining the drawing and editing tools. Adding a Zone box was made more intuitive.
• The ability to create a component inventory list from the diagram components was added. The list opens in Microsoft Excel where it is fully editable. The list can also be included in some of the printable reports.
• A new printable report option was added. It is called a Security Plan and is formatted as a template with example text to aid the user in addressing relevant security topics. It provides an overview of thesecurity requirements of the assessed system and describes the controls in place or planned for meeting those requirements. The control list is grouped by security control.
• Access to the video tutorials was changed from a large download to viewing on YouTube. The videos are still context-specific meaning that if accessed from a particular screen, the video will discuss that screen, but all the videos are available for viewing at any time. An active Internet connection and web browser are needed to open YouTube. This resolves the video issue noted for CSET Release 5.1.

New Standards Included 📑

• NEI 08-09 Cyber Security Plan for Nuclear Power Reactors
• NISTIR 7628, Guidelines for Smart Grid Cyber Security, Vol 1
• INGAA Control Systems Cyber Security Guidelines for the Natural Gas Pipeline Industry
• NIST Special Publication 800-53, Rev 4, Appendix J
• NIST Special Publication 800-82, Rev 1
• CNSSI No. 1253 (ICS) Overlay Version 1

Issues:

• When opening a CSET assessment, diagram, or aggregation file received via email or the internet, it may fail to function if the temporary folder assigned by the email or internet application becomes locked or is removed. This happens because files attached to emails are often stored in a Temp folder which is deleted or locked when the email application is closed. If a CSET file is open in CSETwhen the email application is closed and the Temp folder deleted, the CSET file can become corrupted and unusable.
  • The issue can be prevented by downloading and saving the CSET file to a new location beforeopening it in CSET.
• Occasionally the PDF version of the Executive Summary report will have spurious line spaces in the Top 5 List.
  • The issue can be resolved by creating a DOCX version of the report and saving it to a PDF format.