
CISA updates cybersecurity performance goals with governance component

CISA published Cross-Sector Cybersecurity Performance Goals (CPG 2.0), a set of measurable actions intended for critical infrastructure owners and operators and applicable to information technology (IT) and operational technology (OT) environments to establish a foundational level of cybersecurity.

The update incorporates lessons learned and aligns with the most recent revisions of the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). It adds a new component focused on governance and identifies governance as essential to managing cybersecurity, emphasizing accountability, risk management, and the strategic integration of cybersecurity into day-to-day operations. The CPGs are described as streamlined, outcome-driven protections for IT and OT environments.

CPG 2.0 is presented as addressing the most common and impactful threats facing critical infrastructure today, reinforcing the principle that effective governance is the cornerstone of a resilient cyber posture. The guidance also specifies a baseline intended to guide investment, benchmark progress, and reduce risk in measurable ways.

The document is published as an update to the Cross-Sector Cybersecurity Performance Goals and is titled CPG 2.0; for more information, consult CISA's CPG 2.0 and Cross-Sector Cybersecurity Performance Goals pages.

The guidance characterizes the CPGs as providing clear, foundational practices aligned with real-world threats, using straightforward, outcome-oriented language to aid implementation, and supplying criteria to guide investment decisions and measure progress toward reducing risk.