Definition[]
Developed by the DHS National Cyber Security Division (NCSD) CIP CS Program, the Cyber Security Vulnerability Assessment (CSVA) is a flexible and scalable approach that analyzes an entity’s cybersecurity posture and describes gaps and targeted considerations that can reduce overall cyber risks.
Overview[]
The CSVA assesses the policies, plans, and procedures in place to reduce cyber vulnerabilities in ten categories (e.g., access control, configuration management, physical security of cyber assets, etc.) and leverages various recognized standards, guidance, and methodologies (e.g., International Organization for Standardization 27001, Information Systems Audit and Control Association (ISACA), Control Objects for Information and Related Technologies (COBIT), and the NIST Special Publication 800 series).