What are CSET’s limitations?
• It is important to recognize that CSET is only one component of a comprehensive cybersecurity program. CSET provides a good starting point to determine the baseline security posture of a system and may be useful in assessing the implementation status of your security program. –> • CSET does not provide an architectural analysis of the network or a detailed network hardware/software configuration review. CSET is not intended as a substitute for in-depth analysis of control system or enterprise network vulnerabilities as performed by trained cybersecurity professionals. Periodic onsite reviews and inspections must still be conducted using a holistic approach including scanning, penetration testing, facility walk-downs, and other security exercises. • CSET has a component focus rather than a system focus. Therefore, network hardware and software configuration analyses will be limited to the extent that they are defined by programmatic and procedural requirements. • CSET is not a risk a
