DHS, NIST Coordinate in Releasing Preliminary Cybersecurity Performance Goals for Critical Infrastructure Control Systems

Following up on President Biden’s July 28, 2021, National Security Memorandum on “Improving Cybersecurity for Critical Infrastructure Control Systems, the Department of Homeland Security (DHS) coordinated with NIST in developing preliminary cybersecurity performance goals that will drive adoption of effective practices and controls.

CISA and NIST identified nine categories of recommended cybersecurity practices and used these categories as the foundation for preliminary control system cybersecurity performance goals. Each of the nine goals includes specific objectives that support the deployment and operation of secure control systems that are further organized into baseline and enhanced objectives.  These goals represent high-level cybersecurity best practices.  They are:

• Risk Management and Cybersecurity Governance
• Architecture and Design
• Configuration and Change Management
• Physical Security
• System and Data Integrity, Availability, and Confidentiality
• Continuous Monitoring and Vulnerability Management
• Training and Awareness
• Incident Response and Recovery
• Supply Chain Risk Management

The preliminary performance goals and objectives are available on CISA.gov.

See the Joint Statement by Secretaries Mayorkas and Raimondo on President Biden’s National Security Memorandum to Strengthen Nation’s Cybersecurity Infrastructure

NIST conducts research and provides resources to improve the cybersecurity of Operational Technology. Among activities that will contribute to implementing the National Security Memorandum, NIST is revising its Guide to Industrial Control Systems (ICS) Security (SP 800-82).