CISA releases new ransomware self-assessment security audit tool

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET).

RRA is a security audit self-assessment tool for organizations that want to understand better how well they are equipped to defend against and recover from ransomware attacks targeting their information technology (IT), operational technology (OT), or industrial control system (ICS) assets.

This CSET module was tailored RRA to assess varying levels of ransomware threat readiness to be helpful to all orgs regardless of their cybersecurity maturity.

“The RRA also provides a clear path for improvement and contains an evolving progression of questions tiered by the categories of basic, intermediate, and advanced,” CISA says on the tool’s wiki page.

“This is intended to help an organization improve by focusing on the basics first, and then progressing by implementing practices through the intermediate and advanced categories.”

CISA says the RRA can be used to defend against this growing threat as it effectively:

• Helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.
• Guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and information technology (IT) network security practices against the ransomware threat.
• Provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form.

How to use the RRA security audit tool

To use the self-assessment tool, you have to first install CSET and then:

1. Login or start the CSET application
2. Start a new assessment
3. Select Maturity Model within the Assessment Configuration screen (this is the first screen you’re presented with after selecting “New Assessment”)
4. Select Ransomware Readiness Assessment from the Maturity Model screen
5. Now you are set to complete the RRA assessment. Review the tutorial for additional instruction, or the RRA guide found within the Help menu.

CISA has previously released Aviary, a tool to review post-compromise activity in Microsoft Azure Active Directory (AD), Office 365 (O365), and Microsoft 365 (M365) environments.

Aviary works by analyzing data outputs generated using Sparrow, a PowerShell-based tool for detecting potentially compromised apps and accounts in Azure and Microsoft 365. 

CISA also released CHIRP (short for CISA Hunt and Incident Response Program), a Python-based forensics collection tool that detects signs of SolarWinds hackers’ activity on Windows systems.