Following up on President Biden's July 28, 2021, National Security Memorandum on "Improving Cybersecurity for Critical Infrastructure Control Systems," the Department of Homeland Security (DHS) coordinated with NIST in developing preliminary cybersecurity performance goals that will drive adoption of effective practices and controls.
CISA and NIST identified nine categories of recommended cybersecurity practices and used these categories as the foundation for preliminary control system cybersecurity performance goals. Each of the nine goals includes specific objectives, further organized into baseline and enhanced objectives, that support the deployment and operation of secure control systems. These goals represent high-level cybersecurity best practices. They are:
- Risk Management and Cybersecurity Governance
- Architecture and Design
- Configuration and Change Management
- Physical Security
- System and Data Integrity, Availability, and Confidentiality
- Continuous Monitoring and Vulnerability Management
- Training and Awareness
- Incident Response and Recovery
- Supply Chain Risk Management