Course

Cyber Resilience Review 2.0 (CRR 2.0) / External Dependency Management (EDM) Training

Format: Other
Delivery: On Demand
Location type: Virtual/Online

Description

Assessment: Cyber Resilience Review 2.0 (CRR 2.0)
Purpose: Conduct an interview-based assessment to evaluate an organization’s operational resilience and cybersecurity practices.
Objectives:

Part of a U.S. Department of Homeland Security (DHS) initiative intended to help the nation’s critical infrastructure providers understand their operational resilience and ability to manage cyber risk.

  • Assesses enterprise programs and practices across a range of ten domains including risk management, incident management, service continuity, and others.
  • Designed to measure existing organizational resilience and provide a gap analysis for improvement based on recognized best practices.
  • Consists of 299 questions, typically delivered in a six-hour workshop.
  • All CRR 2.0 questions have three possible responses: “Yes,” “No,” and “Incomplete.”

Assessment: External Dependency Management (EDM)
Purpose: Conduct an interview-based assessment to evaluate an organization’s management of external dependencies.
Objectives:

Part of a U.S. Department of Homeland Security (DHS) initiative intended to help the nation’s critical infrastructure providers evaluate the external dependency management (supply chain) cybersecurity practices of critical infrastructure.

  • Assesses enterprise programs and practices across three domains, including relationship formation, relationship management and governance, and service protection and sustainment.
  • Consists of 105 questions, typically delivered in a three-hour workshop.
  • Has three possible responses for each EDM question: “Yes,” “No,” and “Incomplete.”

Role: Assessment Lead (AL)
Course Details: CRR2.0EDM
Course Mode: Virtual/Online
Course Agenda

Learning Objectives (LO)

  • LO1: Resilience Management 
  • LO2: Critical Service
  • LO3: Assessment Background
  • LO4: Pre-Assessment Process
  • LO5: Assessment Facilitation
  • LO6: CRR 2.0 Domains:
    • Asset Management
    • Controls Management
    • Configuration and Change Management
    • Vulnerability Management
    • Incident Management
    • Service Continuity Management
    • Risk Management
    • External Dependencies Management
    • Training and Awareness
    • Situational Awareness
  • LO7: EDM Domains:
    • Relationship Formation
    • Relationship Management and Governance
    • Service Protection and Sustainment
  • LO8: Maturity Indicator Levels (MIL)
  • LO9: Reporting 
  • LO10: Conclusion
  • LO11: Capstone

Contact

If you encounter any issues, you may contact AESTraining@hq.dhs.gov for assistance.