CISA Releases Cross-Sector Cybersecurity Performance Goals

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a series of Cybersecurity Performance Goals (CPGs) aimed at helping critical infrastructure sector partners prioritize cybersecurity best practices. The CPGs, developed at the direction of the White House, in coordination with the National Institute for Standards and Technology (NIST) and other agencies, provide voluntary guidance emphasizing those areas that will have the greatest impact on improving cyber resilience. CISA describes the goals document as a “quick-start guide” to help organizations adopt the NIST Cybersecurity Framework (CSF) and begin working towards a more comprehensive cybersecurity program. The CPGs apply to both information technology and operational technology.

Along with the CPGs, CISA is releasing an accompanying CPG Checklist that prioritizes each Goal by Cost, Impact, and Complexity.

CISA set up a Discussions page to receive feedback and ideas for new CPGs from partners from the critical infrastructure community. They plan to update the CPGs regularly and will work directly with individual critical infrastructure sectors as they build out sector-specific CPGs in the coming months.

To learn more about these new CPGs, visit Cross-Sector Cybersecurity Performance Goals and Objectives | CISA.