Cross-Sector Cybersecurity Performance Goals - Slick Sheet
Organizations across every sector are under constant threat from malicious cyber actors. At the same time, every organization has limited resources to implement effective cybersecurity measures, leading to a simple question: where to start? The cross-sector Cybersecurity Performance Goals (CPGs) are intended to help answer this question by providing a prioritized subset of information technology (IT) and operational technology (OT) cybersecurity practices aimed at meaningfully reducing risk to both critical infrastructure operations and the American people. The CPGs allow organizations to align investments and assess gaps based upon the most common and impactful threats and adversary tactics, techniques, and procedures (TTPs) observed by the Cybersecurity and Infrastructure Security Agency (CISA) and its government and industry partners, making them a common set of protections that all critical infrastructure entities — from large to small — should implement.