What Are the CISA Cybersecurity Performance Goals & How Can You Use Them?

, ,

The Cybersecurity and Infrastructure Security Agency (CISA) is a federal agency within the Department of Homeland Security (DHS) that is responsible for protecting the United States’ critical infrastructure from cyber threats. CISA has established several performance goals to improve its cybersecurity as well as that of organizations throughout the U.S. They partner with other organizations to address current threats and to work towards a stronger and more resilient infrastructure for the future.

CISA is responsible for leading the national effort to understand, manage, and reduce risks to cyber and physical infrastructure. They facilitate communication and collaboration between their stakeholders in industry and government. They also provide access to resources, analyses, and tools to help them improve their own cyber, communication, physical security, and resilience. According to findings by Statista, over half of respondents to a survey agreed that the most critical cybersecurity area in 2023 would be data security. It was followed by privacy and cybersecurity analytics, each chosen by more than 40% of respondents. 

What Are the CISA Cybersecurity Performance Goals?

Cybersecurity Performance Goals are a set of guidelines that all businesses can follow to improve their IT security across the entire technology environment. By implementing the CISA Cybersecurity Performance Goals, companies can help to protect their operations from cyber threats. These goals are specifically related to Information Technology (IT) and Operational Technology (OT). They include:

Account Security

Account security involves protecting the accounts and access credentials of individuals and organizations from unauthorized access or misuse. This can include measures such as using strong, unique passwords for each account, enabling two-factor authentication, regularly updating passwords, and monitoring for suspicious activity. The benefits of this CISA goal include the following:

  • Detection of unsuccessful automated login attempts protects an organization from credential-based attacks.
  • Changing default passwords prevent adversaries from using default passwords to breach the network.
  • Multi-Factor Authentication creates additional security layers to protect accounts whose login details have been compromised.
  • Separating user and privileged accounts makes it adder for criminals to gain access to administrative accounts.
  • With unique credentials, cybercriminals cannot compromise login details to move across networks.

Device Security

This CISA goal involves taking steps to ensure the prevention of unauthorized access to sensitive systems and data as well as reducing the risk of cyber-attacks and data breaches. Other features include:

  • The hardware and software approval process will increase visibility into technology and reduce the probability of breaches by users who install unapproved hardware, software, or firmware.
  • Disabling macros by default reduces the risk from macro and similar executable codes and adversary TTP.
  • Asset inventory will identify known, unknown, and unmanaged assets. It will rapidly identify and respond to new vulnerabilities.
  • Prohibiting the connection of unauthorized devices will prevent criminals from gaining access through unauthorized gadgets.

Data Security

The goal of ensuring data security is important because it helps to protect sensitive and confidential information from being accessed or misused by unauthorized individuals. In addition to helping to reduce the risk of data breaches and other cybersecurity incidents, this CISA goal involves the following:

  • Log collection will help achieve enhanced visibility to detect and respond to cyber-attacks.
  • With secure log storage, the security logs of organizations are protected from breaches.
  • Strong and agile encryption deployed will maintain the confidentiality of data and integrity of OT and IT traffic
  • Secure sensitive data will protect sensitive information from any form of breach

Governance and Training

Ensuring good governance and providing adequate training are important because they help to ensure that all individuals within an organization are aware of and understand their role in protecting the organization’s systems and data. Highlights of this goal include:

  • Organizational cybersecurity leadership will make a single leader accountable and responsible for cybersecurity within the organization.
  • OT cybersecurity leadership will make an individual accountable for OT-related cyber security within the organization.
  • Basic cybersecurity training will enable users and employees to learn and implement security attributes.
  • Improving IT and OT cybersecurity relationships will improve OT cybersecurity and effectively respond to OT cyber-attacks.

Vulnerability Management

Organizations’ software and systems may be susceptible to security flaws and misconfigurations, but these issues may be located, evaluated, remedied, and reported by implementing effective vulnerability management, which is one of the CISA cybersecurity performance goals. Benefits derived from this goal include:

  • Mitigating known vulnerabilities reduces the potential exploitation and breach of networks.
  • Reporting and disclosing vulnerabilities allows organizations to learn about the vulnerabilities in their system.
  • Deploying security ‘txt files’ increases the speed of submission of discovered vulnerabilities by security researchers.
  • Third-party validation of cybersecurity control effectiveness and identifies TTP that lacks resilience.

Supply Chain/Third Party

This is a CISA cybersecurity performance goal aimed at helping to reduce the risk of cyber-attacks and data breaches that could be caused by vulnerabilities in the systems and networks of an organization’s suppliers and other third parties. It can also help to protect the confidentiality, integrity, and availability of the organization’s own systems and data.  The goal operates as follows:

  • Vendor/supplier cybersecurity requirements reduce risk by more secure products and services from more secure suppliers.
  • Supply chain incident reporting allows organizations to learn about and respond to breaches across vendors and service providers.
  • Supply chain vulnerability disclosure will enable organizations to understand and respond to vulnerabilities in assets provided by vendors and service providers.

Response and Recovery

Response and recovery involve having a plan in place for responding to and recovering from cyber incidents, such as data breaches, malware attacks, and other types of cyber threats. Incident Reporting, Incident Response (IR) plans, System backups, and Document Network Topology are part of the response and recovery methods. 

  • When incidents are reported, CISA and other organizations can assist in attacks.
  • With system backups, organizations reduce the risk and duration of data and operation loss.
  • Document network topology allows organizations to respond to attack and maintain operation continuity efficiently.

Other Goals

Other performance goals include Network Segmentation, Detecting Relevant Threats and TTPs, and Email Security.

How Does Copperband Technologies Assist with Cybersecurity?

While some IT security companies are only concerned with selling to you a big-name anti-virus program and leaving it at that, Copperband’s strategy is a lot more practical. We will focus on protecting all of your devices and machines with the latest security tools. Contact us today for your security needs!