Course

Cybersecurity Performance Goals (CPG) Assessment Training

Format
Document
Delivery
Live
Location type
Virtual/Online
CPG Information Page
Related topics:
Cybersecurity Best Practices, Organizations and Cyber Safety, Industrial Control Systems

Description

Description:  The CPG Training provides an overview of the Cross-Sector Cybersecurity Performance Goals (CPGs) as well as how to perform a CPG assessment using the CSET® tool. 

You'll learn how to: 

  • Perform a CPG assessment in CSET®
  • Utilize CPG Performance Summaries
  • Export a CPG assessment

General Information: This course is web-based, self-paced training. The course takes approximately 3 hours. 0.3 Continuing Education Units are awarded upon successful completion of the course. Difficulties? Email nhs-training@inl.gov.

 

Technology Requirements: For the course itself, the student does not need much in terms of technology. To take the class, they must have Internet access. 

 

In order to download CSET® if they'd like to participate in the course exercise where they complete a CSET® exercise, they'll need the following technology requirements (this comes from the CSET® website

 

Downloading and Installing CSET

The Cyber Security Evaluation Tool for CSET® provides a systematic, disciplined, and repeatable approach for evaluating an organization’s security posture. CSET is a desktop software tool that guides asset owners and operators through a step-by-step process to evaluate industrial control system (ICS) and information technology (IT) network security practices. Users can evaluate their own cybersecurity stance using many recognized government and industry standards and recommendations.

System Requirements for Local Installation

It is recommended that users meet the minimum system hardware and software requirements prior to installing CSET. This includes:

  • Pentium dual core 2.2 GHz processor (Intel x86 compatible)
  • 6 GB free disk space
  • 4 GB of RAM
  • Microsoft Windows 10 or higher
  • Microsoft .NET Core 5.0 Runtime (included in CSET installation)
  • SQL Server 2019 Express LocalDB (included in CSET installation)

Other Items of Note:

For all platforms, it is recommended the user upgrade to the latest Windows Service Pack and install critical updates available from the Windows Update web site to ensure the best compatibility and security.

Assessment

Cross-sector Cybersecurity Performance Goals (CPG)

Purpose

Evaluate whether a minimum baseline of cybersecurity technologies and practices are implemented in information technology (IT) and operational technology (OT) environments in small- and medium-sized organizations

Objectives
  • The Cross-sector Cybersecurity Performance Goals (CPG) training course is designed to empower students to facilitate a CPG assessment using the Cyber Security Evaluation Tool (CSET)

 

  • The CPGs are a prioritized subset of information technology (IT) and operational technology (OT) cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques

 

  • The goals were informed by existing cybersecurity frameworks and guidance, as well as by real-world threats and adversary tactics, techniques, and procedures (TTPs) CISA and its government and industry partners observed

 

  • By implementing these goals, owners and operators will reduce risks to both critical infrastructure operations and to the American people.

 

  • The assessment process depends on in-person interviews leveraging CSET to track responses, conduct posture analysis, and generate a report

 

Role

Assessment Lead

Course Length

3 hours

Course Mode

OnDemand

Contact

Please click here to register for the course.

If you have questions, please contact AESTraining@hq.dhs.gov for assistance.

Tags

Topics
Cybersecurity Best Practices, Organizations and Cyber Safety, Industrial Control Systems, Securing Networks
Audience
Federal Government, Industry, Small and Medium Businesses

Related Training

Course | Virtual/Online

High Value Assets Assessment (HVA) Training

The High Value Assets (HVA) course is designed to empower students to evaluate the federal government’s approach to managing risk and to provide an unbiased, third-party review of the government’s most critical HVA’s cybersecurity posture and operations.
Seminar/Workshop | Virtual/Online

Cyber Range Training Events

Cyber Range Training courses provide guided step-action labs for cyber practitioners to practice investigating, remediating, and incident response skills.