CISA Releases Cross-Sector Cybersecurity Performance Goals

Created: Thursday, October 27, 2022 - 15:17
Categories: Cybersecurity, Federal & State Resources

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Cross-Sector Cybersecurity Performance Goals (CPGs), which consist of voluntary, fundamental cybersecurity practices for critical infrastructure owners and operators to meaningfully reduce the likelihood of known risks and adversary techniques.

What Are the CPGs?
The CPGs provide voluntary guidance to critical infrastructure partners to help them prioritize security investments toward areas that will have the greatest impact on their cybersecurity, and they are developed to be implemented in concert with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, signed by President Biden in July 2021, mandated that CISA, in coordination with NIST and the interagency community, develop the CPGs.

The CPGs are:

  • Broadly applicable across critical infrastructure with known risk-reduction value;
  • A combination of recommended practices for IT and OT;
  • Intended to be especially helpful for small and medium-sized organizations to kickstart their cybersecurity efforts;
  • Voluntary - the National Security Memorandum does not create new authorities that compel owners and operators to adopt the CPGs or provide any reporting regarding or related to the CPGs to any government agency; and
  • Not comprehensive - they do not identify all the cybersecurity practices needed to protect national and economic security and public health and safety, instead capturing a core set of cybersecurity practices with known risk-reduction value broadly applicable across sectors.
