The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new self-assessment auditing tool. The Ransomware Readiness Assessment (RRA) module should help companies assess their vulnerability towards modern-day hackers. Needless to mention, cyberattacks that lock sensitive and confidential data, are on the rise.
The CISA’s RRA module is part of the agency’s Cyber Security Evaluation Tool (CSET). Organizations that haven’t yet fallen victim to ransomware attacks must go through the self-administered audit. This could help them to ascertain their readiness against virtual or online threats.
The RRA module can assess varying levels of threat readiness irrespective of the assessing company’s “cybersecurity maturity”:
Any company can reportedly utilize the CEST RRA Module from the CISA. The agency has designed and compiled the self-assessment tool for all organizations
The tool does not assume the level of cybersecurity maturity. The official CISA GitHub page categorically notes:
“The RRA also provides a clear path for improvement and contains an evolving progression of questions tiered by the categories of basic, intermediate, and advanced.”
“This is intended to help an organization improve by focusing on the basics first, and then progressing by implementing practices through the intermediate and advanced categories.”
Bad actors have targeted critical infrastructure owners and operators with ransomware. Make sure you are prepared. Download @CISAgov’s Ransomware Readiness Assessment Tool: https://t.co/hQkUy4nmLQ #CriticalInfrastructure https://t.co/CiFajWxx8A
— CISA Infrastructure Security (@CISAInfraSec) June 30, 2021
Following are the benefits of the RRA module:
- It helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.
- RRA guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and information technology (IT) network security practices against the ransomware threat.
- The module provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form.
How to conduct a self-assessment ransomware readiness audit using the CEST RRA Module from the CISA:
To begin using the self-assessment audit tool, companies must first install Cyber Security Evaluation Tool (CSET).
- Login or start the CSET application
- Begin a new assessment session
- Select Maturity Model within the Assessment Configuration screen (this is the first screen users are presented with after selecting “New Assessment”)
- Select Ransomware Readiness Assessment from the Maturity Model screen
- Users can now run the RRA assessment. For additional help or guidance, review the tutorial, or the RRA guide found within the Help menu.
The US Cybersecurity and Infrastructure Security Agency (CISA) has released the #Ransomware Readiness Assessment (RRA), a new module for its #Cyber #Security Evaluation Tool (CSET).
RRA is a security audit self-assessment tool for…https://t.co/WxosY9w4Rm https://t.co/XBTNBRzunl
— François Quiquet (@francoisquiquet) June 30, 2021
The RRA is just one of several self-assessment or auditing tools that aim to improve cybersecurity policies and protocols in all sizes of companies. Some of the previously released tools include Aviary, Sparrow, and CHIRP.