cset
by cisagov
CSET is a free software tool that guides organizations through cybersecurity risk assessments and compliance auditing to improve their critical infrastructure security posture.
Cybersecurity Evaluation Tool
Primary Use Case
CSET is primarily used by asset owners and cybersecurity professionals to evaluate vulnerabilities in industrial control systems and IT architectures by comparing facility-specific data against established cybersecurity standards. It facilitates risk assessment, compliance auditing, and provides actionable recommendations to enhance cybersecurity controls within critical infrastructure environments.
- Step-by-step guided process to collect facility-specific cybersecurity information
- Assessment of compliance against multiple cybersecurity standards and regulations
- Provides actionable recommendations linked to cybersecurity best practices
- Supports analysis of both industrial control systems (ICS) and IT architectures
- Documentation and reporting of identified cybersecurity vulnerabilities
- Available as standalone Windows application or client-server architecture
- Supports local installation and Docker-based deployment for Mac/Linux users
- Includes frameworks for risk assessment, compliance auditing, and security automation
Installation
- For Windows: Download local installers or enterprise binaries from the CSET Releases page
- Ensure system meets minimum requirements: Pentium dual core 2.2 GHz, 6 GB free disk space, 4 GB RAM, Windows 10 or higher
- Microsoft .NET 7 Runtime, ASP.NET Core 7 Runtime, and SQL Server 2022 LocalDB are included in the installation
- For Mac/Linux: Clone the repository
- Install Docker Desktop and allocate at least 10 GB of memory in Docker settings
- Copy environment variables: cp env.dist .env
- Run CSET using Docker Compose: docker compose up -d
- Load the database as per included make commands or instructions
Usage
>_ docker compose up -dStarts the CSET application in detached mode using Docker Compose for Mac/Linux users
>_ cp env.dist .envCopies the environment variable template to a working .env file for Docker configuration
- Integrate CSET outputs with SIEM platforms to automate compliance monitoring and vulnerability tracking.
- Use CSET's guided assessments to tailor purple team exercises focusing on compliance gaps and risk areas.
- Leverage CSET's multi-framework support to harmonize security controls across ICS and IT environments.
- Deploy CSET in continuous risk assessment workflows to proactively identify and remediate emerging vulnerabilities.
- Combine CSET reports with threat intelligence feeds to prioritize mitigation efforts based on current adversary tactics.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about cset. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
This tool hasn't been indexed yet. Request indexing to enable AI chat.
Admin will review your request within 24 hours
Related Tools
unleash
Unleash/unleash
Open-source feature management platform
the-practical-linux-hardening-guide
trimstray/the-practical-linux-hardening-guide
This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
how-to-secure-anything
veeral-patel/how-to-secure-anything
How to systematically secure anything: a repository about security engineering
404StarLink
knownsec/404StarLink
404StarLink - 推荐优质、有意义、有趣、坚持维护的安全开源项目
steampipe
turbot/steampipe
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Security-101
microsoft/Security-101
8 Lessons, Kick-start Your Cybersecurity Learning.