{"id":3907,"date":"2022-12-07T05:31:16","date_gmt":"2022-12-07T05:31:16","guid":{"rendered":"https:\/\/itegriti.com\/kw022024\/?p=3907"},"modified":"2022-12-21T14:46:36","modified_gmt":"2022-12-21T14:46:36","slug":"cisa-releases-cross-sector-cybersecurity-performance-goals-to-assist-critical-infrastructure-organizations","status":"publish","type":"post","link":"https:\/\/itegriti.com\/kw022024\/2022\/compliance\/cisa-releases-cross-sector-cybersecurity-performance-goals-to-assist-critical-infrastructure-organizations\/","title":{"rendered":"CISA Releases Cross-Sector Cybersecurity Performance Goals to Assist Critical Infrastructure Organizations"},"content":{"rendered":"

Summary: CISA in cooperation with NIST and the interagency community released baseline Cybersecurity Cross-Sector Performance Goals<\/a><\/em> which are intended to help establish a common set of fundamental cybersecurity practices for critical infrastructure, and especially help small- and medium-sized organizations kickstart their cybersecurity efforts.\u00a0\u00a0<\/em><\/p>\n

Background and motivation<\/h2>\n

Unfortunately, it is no secret that the critical infrastructure sector in the United States does not implement enough levels of basic cybersecurity standards. There is no theoretical or philosophical basis for this worry. U.S. citizens have felt the effects of these lapses firsthand, whether it is ransomware attacks on hospitals or school districts or sophisticated nation-state operations on government institutions and essential infrastructure. The national security, economic security, and health and safety of the American people are all at stake as a result of these invasions.<\/p>\n

\u201cWe have heard a common refrain from organizations across the spectrum, from the largest multinational corporations to state and local governments, to critical infrastructure entities of all sizes: How can we focus investment toward the most impactful security outcomes?\u201d notes Jen Easterly, CISA Director.<\/p>\n

\u201cIt became clear that even with comprehensive guidance from sources like the NIST Cybersecurity Framework, many organizations would benefit from help identifying and prioritizing the most important cybersecurity practices along with support in making a compelling argument to ensure adequate resources for driving down risk,\u201d Easterly explains.<\/p>\n

In response to these concerns, President Biden signed in July 2021 the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems<\/a>. This memorandum required CISA, in coordination with NIST and the interagency community, to develop baseline cybersecurity goals that are consistent across all critical infrastructure sectors.<\/p>\n

What are the Cross-Sector Cybersecurity Performance Goals?<\/h2>\n

The Cross-Sector Cybersecurity Performance Goals<\/a> (CPGs) are a prioritized subset of cybersecurity practices for operational technology (OT) and information technology (IT) that owners and operators of critical infrastructure can use to significantly lower the likelihood and impact of known risks and adversary tactics. The objectives were influenced by current cybersecurity frameworks and recommendations as well as the threats and adversary tactics, methods, and procedures (TTPs) that CISA and its government and business partners had to deal with in the real world.<\/p>\n

According to the CISA CPG website, the document is intended to be:<\/p>\n