U.S.
DEPARTMENT OF HOMELAND SECURITY
Office
of Public Affairs |
DHS Announces New
Cybersecurity Performance Goals for Critical Infrastructure CISA Developed Cross-Sector
Recommendations to Help Organizations Prioritize Cybersecurity Investments |
WASHINGTON – Today, the Department of Homeland Security released
the Cybersecurity Performance Goals (CPGs), voluntary practices that outline
the highest-priority baseline measures businesses and critical infrastructure
owners of all sizes can take to protect themselves against cyber threats. The
CPGs were developed by DHS, through the Cybersecurity and Infrastructure
Security Agency (CISA), at the direction of the White House. Over the past year, CISA
worked with hundreds of public and private sector partners and analyzed years
of data to identify the key challenges that leave our nation at unacceptable
risk. By clearly outlining measurable goals based on easily understandable
criteria such as cost, complexity, and impact, the CPGs were designed to be
applicable to organizations of all sizes. This effort is part of the
Biden-Harris Administration’s ongoing work to ensure the security of the
critical infrastructure and reduce our escalating national cyber risk.
“Organizations across the country increasingly understand that
cybersecurity risk is not only a fundamental business challenge but also
presents a threat to our national security and economic prosperity,” said
Secretary of Homeland Security Alejandro N. Mayorkas. “The new Cybersecurity
Performance Goals will help organizations decide how to leverage their
cybersecurity investments with confidence that the measures they take will
make a material impact on protecting their business and safeguarding our
country.” CISA developed the CPGs in close partnership with the National
Institute for Standards and Technology (NIST). The resulting CPGs are
intended to be implemented in concert with the NIST Cybersecurity Framework.
Every organization should use the NIST Cybersecurity Framework to develop a
rigorous, comprehensive cybersecurity program. The CPGs prescribe an abridged
subset of actions – a kind of “QuickStart guide” – for the NIST CSF to help
organizations prioritize their security investments.
“To reduce risk to the infrastructure and supply chains that
Americans rely on every day, we must have a set of baseline cybersecurity
goals that are consistent across all critical infrastructure sectors,” said
CISA Director Jen Easterly. “CISA has created such a set of cybersecurity
performance goals to address medium-to-high impact cybersecurity risks to our
critical infrastructure. For months, we’ve been gathering input from our
partners across the public and private sectors to put together a set of
concrete actions that critical infrastructure owners can take to drive down
risk to their systems, networks and data. We look forward to seeing these
goals implemented over the coming years and to receiving additional feedback
on how we can improve future versions to most effectively reduce
cybersecurity risk to our country.”
“The Biden-Harris Administration has relentlessly focused on
securing our Nation’s critical infrastructure since day one,” said Deputy
National Security Advisor for Cyber and Emerging Technologies Anne Neuberger.
“CISA has demonstrated tremendous leadership in strengthening our critical
infrastructure’s cyber resilience over the last year. The Cyber Performance
Goals build on these efforts, by setting a higher cybersecurity standard for
sectors to meet.”
“Given the myriad serious cybersecurity risks our nation faces,
NIST looks forward to continuing to work with industry and government
organizations to help them achieve these performance goals,” said Under
Secretary of Commerce for Standards and Technology and NIST Director Laurie
E. Locascio. “Our priority remains bringing together the right
stakeholders to further develop standards, guidelines and practices to help
manage and reduce cybersecurity risk.”
In the months ahead, CISA will actively seek feedback on the
CPGs from partners across the critical infrastructure community and has
established a Discussions webpage to receive this input. CISA will also
begin working directly with individual critical infrastructure sectors as it
builds out sector-specific CPGs in the coming months.
To access these new CPGs or provide feedback, visit CISA.gov/cpgs.
|
# # # |
Thursday, October 27, 2022
DHS Announces New Cybersecurity Performance Goals for Critical Infrastructure
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment