February 5, 2023

Volume XIII, Number 36

Error message

  • Warning: Undefined variable $settings in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).
  • Warning: Trying to access array offset on value of type null in include_once() (line 135 of /var/www/html/docroot/sites/default/settings.php).

February 03, 2023

Subscribe to Latest Legal News and Analysis

CISA Releases Cross-Sector Cybersecurity Performance Goals

The Cybersecurity and Infrastructure Security Agency (“CISA”) recently released a draft of the agency’s Cross-Sector Cybersecurity Performance Goals (“CPGs”) for critical infrastructure in the United States. The CPGs provide a common set of fundamental cybersecurity practices to guide critical infrastructure entities in measuring and improving their cybersecurity maturity.  

Developed in response to President Biden’s July 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, the CPGs are intended to supplement the National Institute of Standards and Technology’s Cybersecurity Framework and offer a baseline of cybersecurity performance goals for Information Technology and Operational Technology.  The CPGs are divided into eight categories:

  • Account Security

  • Device Security

  • Data Security

  • Governance and Training

  • Vulnerability Management

  • Supply Chain/Third Party

  • Response and Recovery

  • Other

Each of the CPGs describes the risks the goal seeks to address, the ultimate security outcome, and the recommended actions to achieve the outcome. CISA noted that the CPGs are voluntary and designed to be easy to understand and communicate with non-technical audiences, including senior business leadership. CISA is now seeking comments on the CPGs from stakeholders in the critical infrastructure sectors via a dedicated website.

Copyright © 2023, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XII, Number 333

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct