The Cybersecurity and Infrastructure Security Agency (CISA) has released updated Cross-Sector Cybersecurity Performance Goals (CPG 2.0) with measurable actions for critical infrastructure owners and operators to achieve a foundational level of cybersecurity.

CPG 2.0 includes a new component focused on the essential role of governance in managing cybersecurity. It emphasizes accountability, risk management, and strategic integration of cybersecurity into day-to-day operations, reinforcing the principle that effective governance is the cornerstone of a resilient cyber posture.

CPGs are streamlined and outcome-driven cybersecurity protections for information technology and operational technology environments and provide:

• Clear, foundational practices aligned with real-world threats.
• Straightforward, outcome-oriented language to aid implementation.
• A baseline for guiding investment, benchmarking progress, and reducing risk in measurable ways.