Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: DHS announces Cybersecurity Performance Goals for critical infrastructure

The Department of Homeland Security ('DHS') announced, on 27 October 2022, the new Cybersecurity Performance Goals ('CGPs') for critical infrastructure. In particular, the DHS outlines that the CGPs were developed through the Cybersecurity and Infrastructure Security Agency ('CISA'), outlining voluntary practices and the highest priority baseline measures that businesses and critical infrastructure owners can take to protect themselves against cyber threats.

Likewise, the DHS noted that the CISA developed the CGPs with the National Institute for Standards and Technology ('NIST'), and that the CGPs function as a 'QuickStart Guide' to the NIST Cybersecurity Framework. Further, the CGPs note that they aim to help organisations with smaller or less mature cybersecurity programmes to prioritise which measures to implement, and communicate the importance of these measures to non-technical executives.

More specifically, the CGPs detail cybersecurity measures that may be taken for account security, including detection of unsuccessful login attempts, changing passwords, multifactor authentication, minimum password strength, separating user and privileged accounts, unique credentials, and revoked credentials for departing employees. Likewise, the CGPs provide specific guidance on device security, data security, governance and training, vulnerability management, supply chain/third party measures, and response and recovery.

You can read the announcement here and the CGPs here.