Dive Brief:
- The Cybersecurity and Infrastructure Security Agency updated the cybersecurity performance goals originally released in October, the agency announced Tuesday.
- The voluntary guidelines were designed to offer critical infrastructure providers and mainstream businesses across the country practical advice on ways to bolster their resilience against a rising trend of malicious cyber activity.
- The revised goals more closely align with the cybersecurity framework developed by the National Institute of Standards and Technology.
Dive Insight:
The CPGs were originally released to provide information and operational technology providers with baseline goals for improving cybersecurity.
Key changes in the revised goals include recently updated guidance on implementing phishing-resistant multifactor authentication. Over the past year, the industry has seen a wave of malicious attacks in which threat actors have targeted organizations using sophisticated social engineering techniques.
CISA received a wide range of feedback from stakeholders, including other federal agencies, international partners and members of the private sector. CISA officials have been meeting with members of local communities across the country for months in an effort to find out how a rise in malicious activity is impacting businesses and Americans.
Some of the most vulnerable people and organizations in the country are local businesses, smaller providers of critical services and city and county governments that don’t have resources to hire sophisticated cybersecurity firms or spend millions to upgrade their IT infrastructure.