The Cybersecurity and Infrastructure Security Agency yesterday released version 2.0 of its list of voluntary practices that businesses and critical infrastructure can incorporate to bolster their cybersecurity.
The Cross-Sector Cybersecurity Performance Goals, or CPGs, are a targeted subset of best practices, carefully selected through extensive consultation with industry leaders, government stakeholders and cybersecurity experts, the agency said in a statement. They are aligned with the National Institute of Standards and Technology’s Cybersecurity Framework 2.0 and offer a practical starting point for small and medium-sized organizations.
Specifically, the CPGs are designed to provide organizations with measurable actions to achieve a basic level of cybersecurity, bridge communications gaps between technical staff and organizational leadership, and offer clear guidance to inform both near- and long-term cybersecurity investments.
“These goals are applicable across all critical infrastructure sectors and offer foundational protection for organizations regardless of their cybersecurity maturity,” Acting CISA Director Madhu Gottumukkala said. “We encourage all organizations to adopt the new CPGs and continue sharing feedback to help us refine future iterations.”
The new version comes more than a year after the Federal Financial Institutions Examination Council listed the CISA cybersecurity performance goals as one of the voluntary frameworks that financial institutions can rely on after the FFIEC Cybersecurity Assessment Tool sunsetted earlier this year.
