NIST, DHS Publish Preliminary Performance Goals for Critical Infrastructure Cybersecurity
The National Institute of Standards and Technology and the Department of Homeland Security have jointly developed preliminary performance goals for the cybersecurity of critical infrastructure control systems.
NIST and the Cybersecurity and Infrastructure Security Agency identified nine categories of cybersecurity practices that will serve as the foundation of the performance goals. The guidance is expected to drive the adoption of effective practices and controls, NIST said.
The goals tackle risk management and cybersecurity governance; architecture and design; configuration and change management; physical security; system and data integrity, availability and confidentiality; continuous monitoring and vulnerability management; training and awareness; incident response and recovery; and supply chain risk management.
Secretary of Homeland Security Alejandro Mayorkas and Secretary of Commerce Gina Raimondo said the goals are long overdue and will serve as the first step in an effort to address national security challenges.
“It is vital that critical infrastructure owners and operators immediately take steps to strengthen their cybersecurity posture toward these high-level goals,” Mayorkas and Raimondo said in a Sept. 22 joint statement.
CISA defines critical infrastructure sectors as those whose assets, systems and networks are essential for security, national economic security or public health and safety.
The agency currently recognizes 16 such sectors, including the chemical, commercial facilities, communications, defense industrial base, emergency services, energy, health care and information technology sectors. Lawmakers have proposed legislation seeking to add the space sector to the list.
NIST added that the nine goals support President Joe Biden's July 28 memorandum on improving the cybersecurity of critical infrastructure control systems across the private sector and all levels of government.