[CDP-development] CISA Announces Cross-Sector Cybersecurity Performance Goals; Stakeholder Call Today

[Masse, Theresa]

FYSA



Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a set of cross-sector Cybersecurity Performance Goals (CPGs)<https://www.cisa.gov/cpgs>, which were developed at the direction of the White House<https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-security-memorandum-on-improving-cybersecurity-for-critical-infrastructure-control-systems/>, in coordination with the National Institute for Standards and Technology (NIST) and other agencies



The CPGs provide voluntary guidance to critical infrastructure partners to help them prioritize security investments toward areas that will have the greatest impact on their cybersecurity, and they are developed to be implemented in concert with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Every organization should use the NIST Cybersecurity Framework to develop a rigorous, comprehensive cybersecurity program. The CPGs prescribe an abridged subset of actions – a kind of “QuickStart guide” – for the NIST CSF to help organizations prioritize their investments.



Along with the CPGs themselves, CISA is releasing an accompanying Checklist <https://www.cisa.gov/sites/default/files/publications/CISA_CPG_CHECKLIST_508c.pdf> that prioritizes each Goal by Cost, Impact, and Complexity.



CISA developed the CPGs based on extensive feedback from partners with the goal of creating a final product that reflects input from a wide range of groups including federal agencies, the private sector, and international partners. We achieved this goal via written comments, workshops, listening sessions, and focused discussions with experts across a variety of disciplines.



**We would like to invite you to participate in a stakeholder call today at noon, EDT to hear a briefing from CISA’s Executive Assistant Director for Cybersecurity Eric Goldstein on the CPGs, their purpose, and how to use them.  This call also includes an open Q&A session for all participants.



Conference Call Information

Date: Oct. 27, 2022

Time: 12:00pm EDT

Dial in: Participant Dial In: 1-800-857-6546; Passcode: 3911128



Following the release of the CPGs, CISA will continue taking input and welcomes feedback from partners from across the critical infrastructure community. In fact, CISA has already set up a Discussions page<https://github.com/cisagov/cybersecurity-performance-goals> to receive feedback and ideas for new CPGs, plans to regularly update the CPGs, and will work directly with individual critical infrastructure sectors as we build out sector-specific CPGs in the coming months. To learn more about these new CPGs and the process behind developing them, visit Cross-Sector Cybersecurity Performance Goals and Objectives | CISA<https://www.cisa.gov/cpgs>.



Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image001.png at 01D8E9D1.33640820]





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20221027/2b82dc2c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 16152 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20221027/2b82dc2c/attachment-0001.png>