CISA updates cybersecurity benchmarks
The Cybersecurity and Infrastructure Security Agency has released an updated version of its Cross-Sector Cybersecurity Performance Goals to help critical infrastructure operators, including utilities, healthcare facilities and water treatment plants, better protect their systems from cyber threats. Version 2.0 reflects several years of real-world experience and stakeholder input, offering clearer, more practical guidance designed to strengthen risk management, accountability and leadership involvement in cybersecurity across sectors.
Key updates include a new focus on governance to emphasize executive oversight, streamlined goals that better align IT and operational technology security and added guidance on supply-chain risks, zero-trust practices and incident response communication. The revised framework also clarifies implementation expectations, evaluates each goal by cost and complexity and removes or combines underused elements. Overall, the updated goals aim to provide organizations with measurable targets that support smarter cybersecurity investments and more coordinated protection of critical infrastructure.
