Security News > 2023 > May > The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals
In response to these risks, the US government reinforced critical infrastructure security by introducing Cross-Sector Cybersecurity Performance Goals mandated by the US Cybersecurity Infrastructure & Security Agency.
Recently, CISA updated the CPGs to align with NIST's standard cybersecurity framework, establishing each of the five goals as a prioritized subset of IT and OT cybersecurity practices.
CISA's first CPG is "Identify", which includes identifying the vulnerabilities in the IT and OT assets inventory, establishing supply chain incident reporting and vulnerability disclosure program, validating the effectiveness of third-party security controls across your IT and OT networks, establishing OT security leadership, and mitigating known vulnerabilities.
Addressing all these aspects of account security can be a chore for most organizations, but they can turn to unified secure remote access solutions that can extend multiple account-level security controls to OT remote users via enforcement of multi-factor authentication, least privilege policies, and role-based access.
CISA's third CPG emphasizes the detection of relevant threats and knowledge of potential attack vectors and TTPs that can compromise OT security and potentially disrupt critical services.
CISA's OT-specific goals and actions within the CPGs provide a much-needed set of guidelines for CNI organizations to strengthen their security posture and increase cyber resilience.
News URL
https://www.helpnetsecurity.com/2023/05/25/cisa-cybersecurity-performance-goals/
Related news
- Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes (source)
- A closer look at the 2023-2030 Australian Cyber Security Strategy (source)
- The ROI of Security Investments: How Cybersecurity Leaders Prove It (source)
- Australia Passes Groundbreaking Cyber Security Law to Boost Resilience (source)
- Top 5 Cyber Security Trends for 2025 (source)
- Shape the future of UK cyber security (source)
- Strengthening security posture with comprehensive cybersecurity assessments (source)
- Overlooking platform security weakens long-term cybersecurity posture (source)
- CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 (source)