Reposted from CISA

The Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Performance Goals (CPG) Adoption Report that provides key findings from analysis conducted on CPGs implemented from October 27, 2022 through August 31, 2024. In October 2022, CISA released the Cybersecurity Performance Goals (CPGs) to help organizations of all sizes and at all levels of cyber maturity become more confident in their cybersecurity posture and reduce business risk. This analysis focused on six CPGs and is based on vulnerability exposure across 7,791 critical infrastructure organizations enrolled in CISA’s Vulnerability Scanning service. Key findings include that the adoption of CPGs led to reduced access to exploitable internet services, quicker resolution of Secure Sockets Layer (SSL) vulnerabilities, and quicker remediation of critical and high severity exploited vulnerabilities. The findings reflect that CPG adoption across critical infrastructure sectors is having a moderate impact. While these trends are progress in the right direction, CISA acknowledges that there is room for improvement. As CISA continues to evolve CPG guidance, CPG adoption analytics will be more granular and apparent. Over time, advancement will allow CISA to infer adoption of more CPGs. CISA continues to encourage organizations to enroll in cyber hygiene services and implement the CPGs.

See Original Post