Skip to content

Releases: cisagov/cset

CSET v11.5.0.0

16 Mar 21:27
Choose a tag to compare


What's New:

  • Cybersecurity Performance Goals (CPG) 1.0.1: The CPGs are a prioritized subset of IT and operational technology (OT) cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques. The goals were informed by existing cybersecurity frameworks and guidance, as well as the real-world threats and adversary tactics, techniques, and procedures (TTPs) observed by CISA and its government and industry partners. This assessment is intended to help organizations determine the extent to which they have implemented the Goals, and to aid in identifying areas for potential future investment.

  • Minimum Viable Resilience Assessment (MVRA): MVRA assesses the critical service or services essential to the success of an organization’s mission and, if disrupted, would severely impact the organization’s operations or business. To accomplish this, an MVRA focuses on the Information Technology (IT) and Operational Technology (OT) used to deliver or secure the critical service. The assessment’s risk-informed approach centers on cybersecurity “capabilities” that the assessed entity and relevant systems must implement successfully to maintain resilience to cyber-attacks. Subjects of the review include people (staffing), technology, information, and facilities, as appropriate.

  • Land Mobile Radio (LMR) Rapid Assessment: This module is designed to assist system owners in assessing key aspects of a LMR system’s current cybersecurity status based on a subset of NIST SP 800-53 “Security and Privacy Controls for Information Systems and Organizations”. It provides guidance on responding to the control questions so that a LMR system owner can gain insights into the cybersecurity status of their LMR system and identify measures for improvement.

  • HHS 405 (d): The HHS 405(d) Program was established in response to the Cybersecurity Act of 2015. Under section 405(d), HHS convened the CSA 405(d) Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led cybersecurity guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use.

  • Gallery View: Updated the Assessment page to be easier to use and intuitive. This simple design should allow for users to quickly navigate to the assessments that they are interested in.

  • Bug fixes and general quality of life improvements.

  • General screenshot updates for help material.

Algorithm: SHA256
Hash: B9B98AF0CB8AFBC73FCBFEE96C379C904628879B177B13EE669909065E5F4344
Path: CSETStandAlone.exe

CSET v11.2.0.0

20 Jul 15:16
Choose a tag to compare

What's new:

  • Updated Assessment Configuration Category selection screen: Assessment Categories selection screen provides dedicated categories to showcase the three major CSET offerings to the user: Cybersecurity Assessment Module (Maturity Models/Best Practices), Standard-Based Assessment, and Network Diagram (assessments are now streamlined to use a single category).

  • Module Content Report: Content feature added to the the Tools menu; offers convenient sharing of assessment/module builder content during the editing process while using the module builder function.

  • CISA Cyber Infrastructure Survey (CIS): An interactive assessment module that allows a user to compare their current assessment against a baseline. CIS is available in the Cybersecurity Assessment Module category under the "Critical Infrastructure" section.

  • Bug fixes and general quality of life improvements

  • General screenshot updates for help material

Algorithm: SHA256
Hash: 4366b00c50c25eb094d2aba571afb799ee38bba7f85f204ed98cfa0591560685
Path: CSETStandAlone.exe

CSET v11.0.1.3

11 Apr 17:56
Choose a tag to compare
  • Improvements made to the stability of standalone installations.
  • CSET Standalone is now running within Electron v17

NOTE: For users that have had issues running CSET Standalone v11.0.0.0 and greater, be sure to delete any corrupted database files located in the version folders located in the local user AppData directory (the path will look similar to C:\Users\%USERNAME%\AppData\Local\DHS\CSET) prior to installation. The application will detach any deleted databases and provide a clean database (or attempt an upgrade if an older CSET database is detected on the system. This process will migrate any existing assessments to the currently installed version).

Algorithm: SHA256
Hash: AFCB4D44F0E6B152C1569993856F29E7592A82FE7F1C23850BDD31C4B4E7DE02
Path: CSETStandAloneV11013.exe

Enterprise CSET v11.0.1.2

08 Mar 15:51
Choose a tag to compare

Hotfix release to allow for enterprise installations on Windows Server.
CSET is now running on .NET 6.

The enterprise installation is now automated through the use of a PowerShell script called setup_enterprise.ps1 located in the enterprise binaries zip folder. This script will install SQL Server Express 2019, IIS, and the .NET 6 Hosting Bundle. The script will wait for each installation window to be closed before proceeding.

NOTE: Make sure to execute the script from a PowerShell terminal with administrator privileges.

CSET v11.0.1.0

02 Feb 02:16
Choose a tag to compare

This is bug fix release for CSET V11.0.0.0.
Users are now able to install CSET on Windows Server 2016.

Algorithm: SHA256
Hash: A4EBDDFF9064ADFEE7CB8A642DD7C1190E3C11795C37D2BB7F58196E65E356E1
Path: CSETStandAloneV11010.exe

CSET v11.0.0.0

07 Jan 05:07
Choose a tag to compare

Version 11.0 of CSET is a major update to CSET. It now runs on the .net Core 5.0 Framework, with future versions to come out on OSX and Linux. The MSSQL version has been updated to the latest available and in desktop mode it runs independent of the browser or IIS Express.

The 11.0 release of CSET includes CRR and updated CMMC 2.0.

Cyber Resilience Review (CRR):
The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as a facilitated assessment. The CRR assesses enterprise programs and practices across a range of ten domains including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices.
Added updates to standards:
• Draft CMMC 2.0
• TSA Pipeline Security Guidelines
• NIST 800-53 R5

Ransomware Readiness Assessment CSET v10.3

28 Jun 23:17
Choose a tag to compare

Please note we do not use java and are not vulnerable to the log4j vulnerability.

After review we do use log4net but are not using log4j

Download the installer file

Download CSETStandAlone.exe

Algorithm : SHA256
Hash : D7FBBEE8542D81B40E8E1D7D4AB1DC65D4EDBCB63248B1A080DE953D77BCA90B
Path : CSETStandAlone.exe

Accessing the Ransomware Readiness Assessment (RRA)

To use the RRA first follow the CSET installation instructions to properly install CSET.

Then do the following:

  1. Login or start the CSET application
  2. Start a new assessment

 create assessment

Figure: New Assessment

  1. Select Maturity Model within the Assessment Configuration screen (this is the first screen you're presented with after selecting "New Assessment")

 select maturity model

Figure: Select Maturity Model

  1. Select Ransomware Readiness Assessment from the Maturity Model screen

 select maturity model

Figure: Select Ransomware Readiness Assessment

  1. Now you are set to complete the RRA assessment. Review the tutorial for additional instruction or the RRA guide found within the Help menu.

CSET v10.2

19 Apr 13:26
Choose a tag to compare

This release includes the updated EDM, CMMC, NIST SP800-171 updates. Corrections to maturity models, fixed bugs and issues from the github repo.

CSET 10.1.1 Release November 2020

30 Nov 17:57
Choose a tag to compare

This release includes fixes to the AWWA Tool import.



CSET 10.1 Release October 2020

29 Oct 02:03
Choose a tag to compare

This release includes a number of bug fixes, new Capability maturity model features, CMMC, AWWA integration, and Wind Industry Reference Architecture Diagram.

SHA512 C323996117EC27ED59B70907663DAFBD456845C66270AC96753347E1FCD5A6246780AF1536E92B2DCE86FAD48548355CD217C74031DF4D527290AC8B91BAA1CE