The IT Law Wiki

Overview

The Cyber Resilience Review (CRR) is a complimentary, voluntary program provided by the Cyber Security Evaluation Program (CSEP) within the Department of Homeland Security to develop an understanding of an organization's operational resilience and its ability to manage cyber risks to its critical services and assets. The CRR pays special attention to protection and sustainment practices across ten established key domains of cyber resilience, and it generates a report that summarizes observed strengths and weaknesses in each domain. The CRR may be conducted as a self-assessment or as an in-person, facilitated assessment.

The program also suggests general guidance or activities to improve the cybersecurity posture and preparedness of the organization. The CRR resource guides in the series cover these areas: asset management, controls management, configuration and change management, vulnerability management, incident management, service continuity management, risk management, external dependencies management, training awareness, and situational awareness.

Source
