Once an organization has a basic understanding of cybersecurity risks and vulnerabilities, a more detailed assessment can be used to determine mitigation actions and security controls. Some of the common tools used to perform assessments are listed below. The CSET tool is one of the more comprehensive tools available for small and medium-sized manufacturers. Organizations can explore resources available to help conduct assessments (e.g., IACs, MEPs, third party vendors).
Cyber Security Evaluation Tool (CSET): Comprehensive desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards.
NIST MEP Cybersecurity Assessment Tool: Online easy-to-use checklist that provides an assessment of business systems.
Department of Energy C2M2 Model: Model used to measure the maturity of an organization’s cybersecurity capabilities, developed by energy sector subject matter experts.
Department of Homeland Security Cyber Resilience Review: No-cost, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.