The Cybersecurity and Infrastructure Security Agency has seen positive trends in its cybersecurity performance goals, or CPG, relating to mitigating known vulnerabilities and removing exploitable services on the internet.
CISA officials said in a blog post published Tuesday that organizations enrolled in the agency’s vulnerability scanning service have decreased the average number of known exploited vulnerabilities, a.k.a. KEVs, on their networks by almost 20 percent since the CPGs were released in October 2022.
The agency has also seen progress toward the first CPG’s recommendation to patch or mitigate KEVs on internet-accessible assets.
In addition, CISA has revealed that public-facing assets with exploitable services on the internet exhibited modest declines, indicating progress in removing exploitable internet services since the CPGs were published.