CISA Releases Cross-Sector Cybersecurity Performance Goals

The Cybersecurity and Infrastructure Security Agency (“CISA”) recently released a draft of the agency’s Cross-Sector Cybersecurity Performance Goals (“CPGs”) for critical infrastructure in the United States. The CPGs provide a common set of fundamental cybersecurity practices to guide critical infrastructure entities in measuring and improving their cybersecurity maturity.  

Developed in response to President Biden’s July 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, the CPGs are intended to supplement the National Institute of Standards and Technology’s Cybersecurity Framework and offer a baseline of cybersecurity performance goals for Information Technology and Operational Technology. The CPGs are divided into eight categories:

  • Account Security
  • Device Security
  • Data Security
  • Governance and Training
  • Vulnerability Management
  • Supply Chain/Third Party
  • Response and Recovery
  • Other

Each of the CPGs describes the risks the goal seeks to address, the ultimate security outcome, and the recommended actions to achieve the outcome. CISA noted that the CPGs are voluntary and designed to be easy to understand and to communicate to non-technical audiences, including senior business leadership. CISA is now seeking comments on the CPGs from stakeholders in the critical infrastructure sectors via a dedicated website.
