Following up on President Biden’s July 28, 2021, National Security Memorandum on “Improving Cybersecurity for Critical Infrastructure Control Systems, the Department of Homeland Security (DHS) coordinated with NIST in developing preliminary cybersecurity performance goals that will drive adoption of effective practices and controls.
CISA and NIST identified nine categories of recommended cybersecurity practices and used these categories as the foundation for preliminary control system cybersecurity performance goals. Each of the nine goals includes specific objectives that support the deployment and operation of secure control systems that are further organized into baseline and enhanced objectives. These goals represent high-level cybersecurity best practices. They are:
The preliminary performance goals and objectives are available on CISA.gov.
NIST conducts research and provides resources to improve the cybersecurity of Operational Technology. Among activities that will contribute to implementing the National Security Memorandum, NIST is revising its Guide to Industrial Control Systems (ICS) Security (SP 800-82).