The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals
In response to these risks, the US government reinforced critical infrastructure security by introducing Cross-Sector Cybersecurity Performance Goals (CPGs) mandated by the US Cybersecurity and Infrastructure Security Agency (CISA).
Recently, CISA updated the CPGs to align with NIST's standard cybersecurity framework, establishing each of the five goals as a prioritized subset of IT and OT cybersecurity practices.
CISA's first CPG is "Identify", which includes identifying the vulnerabilities in the IT and OT asset inventory, establishing supply chain incident reporting and a vulnerability disclosure program, validating the effectiveness of third-party security controls across your IT and OT networks, establishing OT security leadership, and mitigating known vulnerabilities.
Addressing all these aspects of account security can be a chore for most organizations, but they can turn to unified secure remote access solutions that can extend multiple account-level security controls to OT remote users via enforcement of multi-factor authentication, least privilege policies, and role-based access.
CISA's third CPG emphasizes the detection of relevant threats and knowledge of potential attack vectors and TTPs that can compromise OT security and potentially disrupt critical services.
CISA's OT-specific goals and actions within the CPGs provide a much-needed set of guidelines for CNI organizations to strengthen their security posture and increase cyber resilience.
News URL
https://www.helpnetsecurity.com/2023/05/25/cisa-cybersecurity-performance-goals/