The Washington Post released an article this week with the headline “Industry groups aren’t thrilled about new cyber ‘performance goals.’”
The article begins, “Biden is asking critical infrastructure owners to hit cybersecurity goals, and they’re not happy about it.
“A federal agency is due next month to deliver a list of cybersecurity goals the Biden administration wants owners of the most critical digital infrastructure to meet — a list that has spawned industry criticism.
“The Cybersecurity and Infrastructure Security Agency (CISA) has solicited feedback on the list for months, and granted an extension through last week for trade associations and others to deliver their commentary. While the goals are voluntary, some industry officials are uncomfortable about whether the ‘performance goals’ are a prelude to regulation, among other concerns.”
The CISA Cross-Sector Cybersecurity Performance Goals and Objectives contain a 22-page list of goals with the following areas covered:
- Account Security
- Device Security
- Data Security
- Governance and Training
- Vulnerability Management
- Supply Chain/Third…
