CISA ‘performance goals’ address incident reporting, international standards mapping

CISA’s cross-sector “cybersecurity performance goals” address the need to report cyber incidents, while leaving open room to update recommended actions for critical infrastructure owners once the agency’s upcoming mandatory regulation is in place.

Incident reporting is addressed in the response and recovery set of controls in the CPG publication, which says the outcome for reporting will be enabling CISA and “other organizations” to “provide assistance or understand the broader scope of a cyber attack.”

The publication recommends, “Organizations maintain codified...