Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk

Cybersecurity & Infrastructure Security Agency
The Cybersecurity and Infrastructure Security Agency (CISA) has reported on the positive effects of its Cybersecurity Performance Goals (CPGs), designed to bolster the cybersecurity posture of organizations of all sizes and levels of cyber maturity.
CISA identified positive trends in the reduction of known exploited vulnerabilities (KEVs) and the removal of exploitable internet services since the release of the CPGs.
Reductions in the average number of KEVs were observed among enrolled organizations, with a notable decrease of nearly 20% following the publication of the CPGs.
Additionally, organizations with exploitable internet services exhibited modest declines after the CPGs were published.
Services such as remote desktop protocol (RDP) and remote procedure call (RPC), which are common attack vectors for threat actors, showed slight reductions.
Vulnerability scanning played a significant role: organizations enrolled in the service made progress in reducing the average number of KEVs exposed per entity and gradually reduced their exposure of exploitable internet services.
Enrollment in CISA’s vulnerability scanning service increased by nearly 69% from April 1, 2022, to June 30, 2023, with newly enrolled organizations decreasing their vulnerability exposure by 20% within the first three months of vulnerability scanning.
Moving forward, CISA plans to enhance its analysis of trends to track progress and focus efforts on areas requiring attention.
It also aims to introduce new services and capabilities and encourage organizations to adopt CPGs to reduce the prevalence and impact of cyber intrusions.
Organizations are encouraged to enroll in vulnerability scanning services and conduct a CPG Assessment using the Cyber Security Evaluation Tool (CSET) to effectively reduce identified risks.
CISA also invites organizations with relevant data on CPG adoption to share their insights to further the collective mission of enhancing cybersecurity.
Link: https://www.cisa.gov/news-events/news/cybersecurity-performance-goals-assessing-how-cpgs-help-organizations-reduce-cyber-risk

