Attestation and Certification

Bento Cyber Security Framework Attestation (BENTO:ATTESTATION) is a service that assists organizations in protecting their key cyber assets. It was developed by cybersecurity experts with support from CISA. The process provides organizations with a systematic and repeatable approach to assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems.

Purpose

BENTO:ATTESTATION is a service for performing cybersecurity assessments of an organization's enterprise and industrial control cyber systems. It was designed to help asset owners identify vulnerabilities and improve the organization's overall cybersecurity posture by guiding them through a series of questions that represent network security requirements and best practices. The presented requirement questionnaires are based on selected industry standards, common requirements, and the network diagram (or network topology and architecture). The resulting BENTO:AUDIT:REPORT is a prioritized list of recommendations for improving the cybersecurity posture of the organization's enterprise and industrial control cyber systems. The process derives the recommendations from a database of cybersecurity standards, guidelines, and practices.

BENTO:ATTESTATION incorporates a variety of available standards from organizations such as NIST, North American Electric Reliability Corporation (NERC), Transportation Security Administration (TSA), U.S. Department of Defense (DoD), and others. During scoping, an appropriate standard is selected, and an interview process is used to evaluate the organization's posture.

Process 

The interviews take between 4 hours and 160 hours, depending on the size of the organization and the assessment used. A typical timeline is as follows:

  • Day 1. Scoping interview.

  • Day 2-14. Initial audit is performed using the BENTO:ATTESTATION process.

  • Day 14-21. Recommendations are submitted.

  • Day 21-45. Policies are developed.

  • Day 45-90. Controls are implemented.

  • Day 90-180. Controls are verified.

  • Day 180 (or sooner). BENTO:ATTESTATION reassessment is completed.

  • Organization moves into maturity with re-assessments done as requested or every 12 months.

Key Benefits

  • BENTO:AUDIT contributes to an organization's risk management and decision-making process.

  • Raises awareness and facilitates discussion on cybersecurity within the organization.

  • Highlights vulnerabilities in the organization's systems and provides recommendations on ways to address them.

  • Identifies areas of strength and best practices being followed in the organization.

  • Provides a method to systematically compare and monitor improvement in the cyber systems.

  • Provides a common industry-wide tool for assessing cyber systems.

How to Obtain a BENTO:ATTESTATION 

Audits are performed by the TECHBENTO audit team and/or certified third parties. You can begin the journey by requesting more info via box@bentosecurity.org.

Certification

Certification is available as the last step in BCSF: an auditor's report is prepared for your organization.