US-CERT Cyber Resilience Review (CRR)

The Cyber Resilience Review (CRR) is a no-cost, voluntary, nontechnical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals. The CRR assesses enterprise practices and procedures across a range of 10 activity areas, including risk management, incident management, and service continuity. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices.