Today, CISA released updated Cross-Sector Cybersecurity Performance Goals (CPG 2.0) with measurable actions for critical infrastructure owners and operators to achieve a foundational level of cybersecurity.
This update incorporates lessons learned, aligns with the most recent National Institute of Standards and Technology Cybersecurity Framework revisions, and addresses the most common and impactful threats facing critical infrastructure today.
CPG 2.0 includes a new component focused on the essential role of governance in managing cybersecurity. It emphasizes accountability, risk management, and strategic integration of cybersecurity into day-to-day operations, reinforcing the principle that effective governance is the cornerstone of a resilient cyber posture.
CPGs are streamlined and outcome-driven cybersecurity protections for information technology and operational technology environments and provide:
- Clear, foundational practices aligned with real-world threats.
- Straightforward, outcome-oriented language to aid implementation.
- A baseline for guiding investment, benchmarking progress, and reducing risk in measurable ways.