In July 2021, President Biden signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.
This memorandum required CISA, in coordination with the National Institute of Standards and Technology (NIST) and the interagency community, to develop baseline cybersecurity performance goals that are consistent across all critical infrastructure sectors. These voluntary cross-sector Cybersecurity Performance Goals (CPGs) are intended to help establish a common set of fundamental cybersecurity practices for critical infrastructure, and especially help small- and medium-sized organizations kickstart their cybersecurity efforts.
The CPGs are a prioritized subset of information technology (IT) and operational technology (OT) cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques. The goals were informed by existing cybersecurity frameworks and guidance, as well as the real-world threats and adversary tactics, techniques, and procedures (TTPs) observed by CISA and its government and industry partners. By implementing these goals, owners and operators will reduce risks not only to critical infrastructure operations, but also to the American people.
The CPGs are intended to be:
The CPGs emphasize desired, measurable outcomes rather than prescriptive processes, techniques, or procedures. This approach defines the results to be achieved without dictating how they are obtained. It gives asset owners and operators the flexibility to implement the technologies and practices that work best for their company or facility. The NIST Cybersecurity Framework (CSF) is used as a subcategory within the Cybersecurity Performance Goals (CPGs) functional-alignment map. Namely, it incorporates the 5 NIST elements:
At its core, security hardening of infrastructure assets and applications provides a layer of protection under the “defense-in-depth” approach to cybersecurity. Sicura’s product offering uses compliance scanning against different benchmarks and compliance standards to help organizations align closely with the NIST Cybersecurity Framework and, in turn, with the cross-sector Cybersecurity Performance Goals initiated by the President.