US · Framework
CISA CPG — CISA Cross-Sector Cybersecurity Performance Goals
What it is
The CPGs are a voluntary, outcome-driven baseline of high-impact cybersecurity practices for US critical infrastructure, aligned to the NIST Cybersecurity Framework.
United States · Voluntary; version 2.0
Who it binds
Voluntary; aimed at critical-infrastructure owners and operators, especially small and medium organisations.
Key obligations
- Account and device security
- Data protection
- Governance, vulnerability and supply-chain management
- Incident response and recovery
How CCI addresses it
CySSURANCE benchmarks your estate against the CPGs and the underlying NIST CSF, with maturity computed rather than opined.
Official source
CISA Cross-Sector Cybersecurity Performance Goals (v2.0)
https://www.cisa.gov/cross-sector-cybersecurity-performance-goals-cpgs
The linked text is the authoritative legal or standards source. CCI maps to it; it is not a CCI publication.