The Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to begin implementing Cross-Sector Cybersecurity Performance Goals (CPGs) in compliance with the Biden administration’s policy to improve IT protection and defense of the country’s critical infrastructure.
Organizations in government and industry alike can start with simple and straightforward practices, such as changing default passwords, in order to incrementally achieve CPGs, Eric Goldstein, CISA’s executive assistant director for cybersecurity, wrote in a blog post on Friday.
Voluntary CPGs, which are guided by the Cybersecurity Framework, were launched in December based on different entities’ sectors and sizes. CISA designed the goals according to an organization’s priority to ensure that implementation would be cost-effective.
According to the agency, critical infrastructure entities should accomplish essential CPGs first, before moving on to other items in the performance goals. These include adding phishing-resistant multifactor authentication; separating user accounts from administrator-level privileges; and creating and maintaining incident response plans.