The Cyber Resilience Review (CRR) is a lightweight assessment method that was created by the U.S. Department of Homeland Security (DHS) for the purpose of evaluating the cybersecurity and service continuity practices of critical infrastructure owners and operators. However, private sector organizations and foreign government bodies leverage the same CRR to evaluate enterprise programs and practices across a range of ten domains including risk management, incident management, service continuity, and others.
The CRR assessment strives to identify how an organization aligns its cybersecurity management activities to the performance or production of its critical services. The assessment consists of 299 questions and is typically delivered in a 12-16 hour workshop led by a qualified facilitator over a period of two consecutive days. Our facilitator elicits answers from the organization’s personnel in cybersecurity, operations, physical security, and business continuity. Throughout the assessment workshop, your organization's team members will work together to record answers in the assessment kit (available at no charge), which will then be used to generate a complete 176-page analysis and report.
Certified Information Security facilitates your Cyber Resilience Review hands-on assessment
Performing a CRR against the NIST CSF is an ideal way to get started with establishing or improving enterprise-wide cybersecurity governance and best practices based on the NIST Cybersecurity Framework. Certified Information Security's qualified cybersecurity assessors have been trained by official DHS security assessors to facilitate private (not involving the DHS) CRR question-based assessments for organizations otherwise not eligible for DHS facilitation. Small teams often choose to attend regularly scheduled public group assessment workshops, while larger teams typically opt to reserve discounted private on-site/virtual assessments.
The Cyber Resilience Review (CRR) assessment measures your organization's current cyber resilience, provides a custom gap analysis of its cybersecurity maturity, and offers recommendations for improvement based on recognized best practices.
Upon assessment completion, a 176-page assessment report is generated that summarizes the assessment findings and gaps and provides general guidelines or activities for improving your organization's cybersecurity posture and preparedness in each category, as recommended in various cybersecurity practices such as the CERT® Resilience Management Model (CERT-RMM), National Institute of Standards and Technology (NIST 800-53), and other cybersecurity standards.
The CRR assessment allows an organization to compare its capabilities to the criteria of the NIST Cybersecurity Framework. This comparison is provided in the report's "NIST Cybersecurity Framework Summary" and explains where improvements can be made.
A NIST Cybersecurity Framework (NIST CSF) reference crosswalk mapping the relationship of the CRR goals and practices to the NIST CSF categories and subcategories is included in the CRR Assessment report as well.