DHS ICS-CERT Cyber Security Evaluation Tool (CSET)

CSET is a free tool that can be used by any organization and has the DoD RMF process built-in to create the network architecture diagram, has a plug-in to import GrassMarlin network discovery and inventory files, and creates a Security Plan. 

Belarc Advisor

The tool is a data gathering and analysis tool for IT systems. The tool can be used in the Test and Development Environment to establish the preliminary Functional-Mission Capability Baseline and should be included on the Jump-Kit Rescue CD (if required).

MalwareBytes

MalwareBytes is a COTS product (free and purchase versions) can be used by any organization and is a simple but very powerful AV and Malware detection tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System. 

OSForensics

OSForensics is COTS product (free and purchase versions) that can be used by any organization for forensics of IT systems. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. 

FireEye Redline

FireEye Redline is COTS product (free) that can be used by any organization for forensics of IT systems. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures.

Microsoft SysInternals Suite

The suite of tools can be used by any organization to evaluate OS and system performance and search for malware and isolate process and threads. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. 

Host-Based Scanning System (HBSS) /Assured Compliance Assessment Solution (ACAS) Tools

HBSS and ACAS are components of the DISA Endpoint Security Solutions (ESS) suite which is an integrated set of capabilities that work together to detect, deter, protect, and report on cyber threats across all DOD networks. The FRCS designer, construction and systems integrators will not typically have access to HBSS ACAS; CIO and DISA typically deploy the tools to the new systems being added to the DoD network.

Avast

Avast is a COTS product (free and purchase versions) can be used by any organization and is a simple but very powerful AV and Malware detection tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System. 

QualSys SSL Client and Browser Tool

This free online service performs a deep analysis of the configuration of any SSL/TLS web server on the public Internet, and client browsers. This tool should be used to conduct security audits. 

Security Onion

Security Onion is a free Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System.

VirusTotal

VT is a free tool that can be used by any organization to analyze suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. The tool is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. 

Wireshark

Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark Packet Captures (pcaps) are used to analyze network (wired and wireless) traffic.  BACnet and Modbus pcap files can be used in the TDE for training and practice to detect and contain malware. 

WhiteScope

WhiteScope is a free service that compares file contents and file hashes with "known good" files from ICS/SCADA installation media. This service is used in conjunction with the CYBERCOM Advanced Industrial Control Systems Tactics, Techniques and Procedures. 

Nomoreransomware

The website provides general guidance about ransomware  www.nomoreransom.org and a list of decrypted ransomware and intructions on how to recover systems  https://www.nomoreransom.org/en/decryption-tools.html.

Glasswire

Glasswire is a COTS product (free and purchase versions) can be used by any organization and is a simple but very powerful network, firewall, application, alerting and logging tool. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System.