Automation and digitization trends have caused Cyber-Physical Systems (CPSs) to be deployed at an extremely fast rate. Due to the complexity and the heterogeneity of their components, CPSs face significant challenges to their security and protection. In recent years, several studies have been published to ensure the cyber-security of these systems. However, they adopt a qualitative approach or do not consider the post-disruption system recovery. In order to fill these gaps, we propose a resilience assessment framework for CPSs. The framework addresses the problem of cyber-security from a resilience perspective by providing quantitative methods for the assessment of known threats and the identification of currently unknown threats with large impact. The framework integrates the analysis of the recovery phase following a disruption and proposes a standardized workflow to assess the resilience of CPSs before and after the occurrence of a disruption. The framework develops around three phases, namely (1) modeling the CPS, (2) identifying disruption scenarios that may cause damage to the CPS, and (3) assessing the effects of resilience strategies. The application of the proposed framework is exemplified with reference to a power substation and associated communication network. The application does not strive to be exhaustive, rather, it guides the deployment of resilience assessment tools tailored to specific CPSs. Remarkably, the proposed framework supports resilience decision-making by quantifying the effects of the implementation of resilience strategies.