CISA RRA Tool

CISA has released the Ransomware Readiness Assessment (RRA), a new module for its Cyber Security Evaluation Tool (CSET).

RRA is a security audit self-assessment tool for organizations that want to understand better how well they are equipped to defend against and recover from ransomware attacks targeting their IT, OT, ICS Assets.

This CSET module was tailored RRA to assess varying levels of ransomware threat readiness to be helpful to all orgs regardless of their cybersecurity maturity.

The RRA also provides a clear path for improvement and contains an evolving progression of questions tiered by the categories of basic, intermediate, and advanced. This is intended to help an organization improve by focusing on the basics first, and then progressing by implementing practices through the intermediate and advanced categories.

How to use the RRA security audit tool

To use the self-assessment tool

1. Login or start the CSET application
2. Start a new assessment
3. Select Maturity Model within the Assessment Configuration screen
4. Select Ransomware Readiness Assessment from the Maturity Model screen
5. Now you are set to complete the RRA assessment. Review the tutorial for additional instruction, or the RRA guide found within the Help menu.

CISA has previously released Aviary, a tool to review post-compromise activity in Microsoft Azure Active Directory (AD), Office 365 (O365), and Microsoft 365 (M365) environments.

Aviary works by analysing data outputs generated using Sparrow, a PowerShell-based tool for detecting potentially compromised apps and accounts in Azure and Microsoft 365. 

CISA also released CHIRP (short for CISA Hunt and Incident Response Program), a Python-based forensics collection tool that detects signs of SolarWinds hackers’ activity on Windows systems.