Security Assessment 

1. A framework for analyzing Cybersecurity vulnerabilities associated with an organization’s overall industrial control system (ICS) and information technology (IT) architecture.


2. A consistent and technically sound methodology to identify, analyze, and communicate to security professionals the various vulnerabilities and consequences that may be exploited by cyber means.


3. The means for the user to document a process for identifying Cybersecurity vulnerabilities.


4. Suggested methods to evaluate options for improvement based on existing Standards and recommended practices.

Objectives and Benefits


The primary objective of Cyber Security Evaluation is to reduce the risk of cyber-attacks by identifying potential cybersecurity vulnerabilities within a system or an organization. Cyber Security Evaluation implements a simple, transparent process that can be used effectively by all sectors to perform an evaluation of any network. It offers the following benefits:


  • Provides a repeatable and systematic approach for assessing the cybersecurity posture of a system, network, site, or facility.
  • Provides a comprehensive evaluation and comparison to existing industry Standards and regulations.
  • Combines the ICS and IT security knowledge and experience of many organizations.
  • Assists in the identification of potential vulnerabilities in the network design and security policies.
  • Provides guidelines for Cybersecurity solutions and mitigation's.
  • Provides access to a centralized repository of cybersecurity requirements.
  • Provides an opportunity for dialogue on security practices within the user's facility.
NIST Special Publication (SP) 800-53 Revision 4
Security and Privacy Controls for Federal Information Systems and Organizations.

NIST Special Publication 800-171
Protecting Unclassified Information in Nonfederal Information Systems and Organizations.

NIST Special Publication 800-115
Technical Guide to Information Security Testing and Assessment.