We’re using GitHub discussions as a place to connect and engage in critical conversations with other members in the community. We hope that you will:
- Ask questions if something doesn't make sense.
- Share your thoughts on existing, and ideas for future, cybersecurity performance goals (CPGs).
- Engage with us and other community members on ideas and actions to update and improve future versions of the CPGs.
- Welcome others and maintain an open mind.
On July 28, 2021, the President signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. The National Security Memorandum (NSM) establishes a voluntary initiative intended to drive collaboration between the Federal Government and the critical infrastructure community to improve cybersecurity of control systems.
The NSM identifies the “need for baseline cybersecurity goals that are consistent across all critical infrastructure sectors, as well as a need for security controls for select critical infrastructure that is dependent on control systems.” It instructs the Department of Homeland Security (DHS) to lead the development of cross-sector cybersecurity performance goals as well as sector-specific cybersecurity performance goals.
The CPGs were developed based on CISA’s operational data, widely published research on the current threat landscape, and collaboration with industry groups, and private sector experts. While the CPGs were developed with critical infrastructure in mind, they are more broadly useful for other organizations as well. Organizations of all sizes can use the CPGs to prioritize which security goals reduce the most risk to their environment and enable more prudent decision-making on allocation of resources toward specific security practices. It is intended to provide “clear guidance to owners and operators about cybersecurity practices and postures that the American people can trust and should expect for such essential services” to protect systems supporting National Critical Functions.
Join the cybersecurity performance goals discussion. We welcome feedback about our current version of the CPGs and want to hear your suggestions for additions.
This project is in the worldwide public domain.
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.