Vulnerability Assessments


As technology continues to evolve and the “Internet of Things” takes shape in New Jersey, new vulnerabilities are constantly emerging across the State's digital landscape. 

At OHSP, we are committed to balancing a growing demand for convenience, accessibility, and efficiency with the need for resilient critical infrastructure assets. 

We work with organizations across New Jersey to understand their strategic deployment of people, processes, and technologies, and to assess their cybersecurity posture.


The Cyber Security Evaluation Tool (CSET®) is a US Department of Homeland Security (DHS) product that assists organizations in protecting their key national cyber assets. The tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems.


The Cyber Resilience Review (CRR) is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals.

The CRR assesses enterprise programs and practices across a range of ten domains including risk management, incident management, and service continuity. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices.


The Industrial Control System Cyber Emergency Response Team’s (ICS-CERT) Design Architecture Review (DAR) provides critical infrastructure asset owners and operators with a comprehensive technical review and cyber evaluation of the architecture and components that comprise their industrial control systems (ICS) operations. 

ICS-CERT’s Network Architecture Verification and Validation (NAVV) is a passive analysis of network traffic occurring within the ICS network.