CISA is working with Sector Risk Management Agencies (SRMAs) to directly engage with each critical infrastructure sector to develop Sector-Specific Goals (SSGs). In most instances, these goals will likely consist of either new, unique goals with direct applicability to a given sector, or materials to assist sector constituents with effective implementation of the existing cross-sector CPGs.
As there are 16 Critical Infrastructure sectors with varying needs, CISA will be tackling this effort in several phases. The first four sectors CISA is working with include the Energy, Financial Services, IT, and Chemical Sectors. In addition, CISA will be working throughout the year with the Water/Wastewater Sector, Healthcare Sector, and K-12 Subsector on identifying approaches for how organizations in those sectors/subsector can enhance their cybersecurity posture through implementation of the existing body of cross-sector goals.
To achieve its sector-specific goals and development aims, CISA intends to actively engage with sector stakeholders, including holding multiple development workshops. While Sector Coordinating Councils will be one conduit for part of this outreach, CISA is committed to working closely with SRMAs to ensure that development of all sector-specific materials is done in an open and collaborative fashion, which includes participation from stakeholders of varying size and perspective. Read more at CISA.