The US Cybersecurity Infrastructure & Security Agency (CISA) today released its new Cross-Sector Cybersecurity Performance Goals (CPGs), a foundational set of IT and operational technology (OT) practices and recommendations that can help smaller, lesser-resourced organizations better prioritize cybersecurity efforts and reduce risk. 

The CPGs could become an invaluable cybersecurity guide and checklist for critical infrastructure owners, many of whom are considered small- or medium-sized private-sector entities.

CISA and many others have acknowledged that the reality on the ground today is that there is a resource gap hindering the efforts of many of these companies. While the CPGs alone will not solve this problem, a set of cost-effective, outcome-orientated, actionable practices will help bridge the gap. In summary, the CPCG build on the NIST CyberSecurity recommendations but focuses on Vulnerability Mitigation, especially also for Operational Technology (OT) and Access and Authentication as primary steps.