The US Department of Homeland Security releases New Cybersecurity Performance Goals for Critical Infrastructure (CPGs)

On 27 October 2022, the United States Department of Homeland Security (DHS) released new Cybersecurity Performance Goals (CPGs). CPGs are voluntary and non-comprehensive ‘[prioritized subset of IT and operational technology (OT) cybersecurity practices‘ that identify the highest priorities and measures owners of critical infrastructures and supply chains should follow to protect against cyber attacks.

As part of the White House efforts and new investments in cybersecurity, the CPGs were developed by the Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with governmental and private sector actors. These procedures are meant to be implemented in the [National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF), covering the following issues: account security, device security, data security, governance and training, vulnerability management, supply chain and third parties security, and finally recovery and response.