Skip to main content

The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals. The CRR assesses enterprise programs and practices across a range of ten domains including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices.

On This Page:
Downloadable Resources
Development of the CRR
Relationship to the Cybersecurity Framework
Ten Domains
Flexibility of the Approach
Two Options: Self-Assessment or Facilitated Session
CRR Final Report
Protection of Information