Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency

Search

 
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help Locally
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
    Work @ CISA
  • About
    Culture
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Contact Us
    Site Links
    Reporting Employee and Contractor Misconduct
    CISA GitHub
Report a Cyber Issue
America's Cyber Defense Agency
Breadcrumb
  1. Home
  2. Resources & Tools
  3. Programs
Share:

Resources & Tools

  • All Resources & Tools
  • Services
  • Programs
  • Resources
  • Training
  • Groups

Assessment Evaluation and Standardization Program

In 2019, CISA launched the Assessment Evaluation and Standardization (AES) program to expand the availability of organizations and individuals qualified to administer cybersecurity assessments in accordance with CISA’s standards and in a manner that provides data back to CISA for risk management purposes.

Today, this program is only available for assessors affiliated with government entities (including federal civilian agencies, the Department of Defense, or State, Local, Tribal, and Territorial governments). CISA’s goal is to expand the AES program to enable assessors in the private sector to participate.

Goals

  • Produce a federal, and private sector, workforce of prepared and qualified assessors.
  • Ensure that assessors have the knowledge and skills necessary to conduct assessments according to the CISA standards and methodologies.
  • Ensure that assessment results are of high quality, consistent, and repeatable.

Courses

High Value Assets (HVA) Course

The HVA course empowers students to evaluate the federal government’s approach to managing risk, and provide an unbiased, third-party review of the government’s most critical HVA’s cybersecurity posture and operations. 

Cyber Resilience Review (CRR) Course

The CRR course focuses on operational resilience and cyber security best practices for critical infrastructure providers. The assessment evaluates the resiliency of all of the assets that support the organization's critical service.

External Dependencies Management (EDM) Course

The EDM  course gives students the capability to facilitate an assessment that provides critical infrastructure system owners and operators with an unbiased evaluation of their approach to managing third-party and supply chain dependencies.

Risk and Vulnerability Assessment (RVA) Course

The RVA course gives students the tools they would need to develop an in-depth technical analysis of an organization's security posture by emulating various attack paths discovered and documented by CISA and the cybersecurity industry.

Cybersecurity Performance Goals (CPG) Course

The CPG course is designed to enable students to facilitate a CPG assessment using the Cyber Security Evaluation Tool (CSET). CPGs are a prioritized subset of IT and OT practices that critical infrastructure owners can implement to reduce cyber risk.

Validated Architecture Design Review (VADR) Course

The VADR course enables students to evaluate Operational Technology systems within critical infrastructure networks for secure design and operational intent. The assessment uses a design review and packet analysis to inform a risk profile for owners.

Incident Management Review (IMR) Course

The (IMR) course equips students with the ability to assess a critical infrastructure organization's Incident Management program.  Assessment is part of a U.S. Department of Homeland Security critical infrastructure initiative for incident handling.

Find and Register for a Course

For fiscal year 2023 (FY23), visit AES Schedule webpage.

AES Program Training Schedule
  • Federal Government
  • State, Local, Tribal, and Territorial Government
Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 888-282-0870 Central@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Accessibility
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • The White House
  • USA.gov
  • Website Feedback