A common set of protections that all critical infrastructure entities – from large to small – should implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques.
CISA’s Cross-Sector Cybersecurity Performance Goals 2.0 (CPGs) are a subset of cybersecurity practices, selected through a thorough process of industry, government, and expert consultation, aimed at meaningfully reducing risks to both critical infrastructure operations and the American people. These voluntary Cross-Sector CPGs strive to help small- and medium-sized organizations kickstart their cybersecurity efforts by prioritizing investment in a limited number of essential actions with high-impact security outcomes.