The Cybersecurity and Infrastructure Security Agency (CISA) School Safety Task Force has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET-applicable to both information technology (IT) and industrial control system (ICS) networks-enables users to perform a comprehensive evaluation of their cybersecurity posture using many recognized government and industry standards and recommendations.
The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident. CISA has tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity. The RRA:
- Helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.
- Guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and information technology (IT) network security practices against the ransomware threat.
- Provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form.
Organizations can take the CSET Ransomware Readiness Assessment, available at https://github.com/cisagov/cset/.
If you have any questions, you can reach out to SchoolSafety@hq.dhs.gov.
------------------------------
Adam Lustig
Director, Center for Safe Schools
National School Boards Association
Alexandria, VA
------------------------------