The US Department of Homeland Security (DHS) released the Cybersecurity Performance Goals (CPGs), voluntary practices that outline the highest-priority baseline measures businesses and critical infrastructure owners of all sizes can take to protect themselves against cyber threats. The CPGs were developed by DHS, through the Cybersecurity and Infrastructure Security Agency (CISA), at the direction of the White House. Over the past year, CISA worked with hundreds of public and private sector partners and analyzed years of data to identify the key challenges that leave the nation at unacceptable risk. By clearly outlining measurable goals based on easily understandable criteria such as cost, complexity, and impact, the CPGs were designed to be applicable to organizations of all sizes.
CISA developed the CPGs in close partnership with the National Institute of Standards and Technology (NIST). The resulting CPGs are intended to be implemented in concert with the NIST Cybersecurity Framework (CSF). DHS recommends that every organization use the NIST Cybersecurity Framework to develop a rigorous, comprehensive cybersecurity program. The CPGs prescribe an abridged subset of actions – a kind of “QuickStart guide” – for the NIST CSF to help organizations prioritize their security investments.
In the months ahead, CISA will actively seek feedback on the CPGs from partners across the critical infrastructure community and has established a Discussions webpage to receive this input. CISA will also begin working directly with individual critical infrastructure sectors as it builds out sector-specific CPGs in the coming months.
To access these new CPGs or provide feedback, visit CISA.gov/cpgs.