The Cybersecurity and Infrastructure Security Agency has released the updated cybersecurity performance goals in alignment with the five functions of the National Institute of Standards and Technology’s Cybersecurity Framework.
The CPGs were initially made public in October as a set of voluntary practices that owners and operators of critical infrastructure can take to mitigate cybersecurity risks, CISA said Tuesday.
CISA updated the cross-sector goals based on feedback from stakeholders from multiple sectors and in accordance with the identify, protect, detect, respond and recover functions of NIST’s CSF.
The agency expects the CPGs to serve as a benchmark for critical infrastructure owners to assess and improve their cybersecurity maturity and as recommended security practices for owners of information technology and operational technology systems.
According to CISA, the goals recommend a subset of measures meant to help organizations prioritize their security investments. The updated goals arrived a week after CISA launched a pilot program to help protect critical infrastructure organizations against ransomware threats.