CISA releases Cross-Sector CPG 2.0
Public Sector Action
Summary
Hide ▲
Show ▼
The Cybersecurity and Infrastructure Security Agency (CISA) released version 2.0 of the Cross-Sector Cybersecurity Performance Goals (CPGs), updating voluntary guidance for critical infrastructure organizations across sectors. The revision aligns with NIST CSF 2.0 and expands practical advice on governance, vulnerability management, supply chain risk, and incident response and recovery. The update matters because it gives organizations a clearer baseline for improving resilience and prioritizing cybersecurity investments.
Related Happenings
CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector Action
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
About this happening:
**CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...
CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector ActionAbout this happening: **CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...
CISA releases CI Fortify guidance for critical infrastructure resilience
Public Sector Action
First: 05.05.2026 15:00
Last: 05.05.2026 15:00
Sources 1
About this happening:
CISA released CI Fortify, guidance for critical infrastructure operators across sectors to help keep essential services running during cyberattack or crisis conditions. The framew...
CISA releases CI Fortify guidance for critical infrastructure resilience
Public Sector ActionAbout this happening: CISA released CI Fortify, guidance for critical infrastructure operators across sectors to help keep essential services running during cyberattack or crisis conditions. The framew...
Latest development: 06.05.2026 16:15
CISA launched CI Fortify on Tuesday as a planning framework for critical infrastructure operators in water, energy, transportation and communications to prepare for cyber disruption by disconnecting OT systems from third-party and business networks, maintaining essential services in degraded communications conditions, and recovering compromised systems through backups, component replacement, or a transition to manual operations.
NIST CVE/NVD prioritization shift
Public Sector Action
First: 17.04.2026 00:47
Last: 17.04.2026 00:47
Sources 1
About this happening:
**NIST** is **changing** its **CVE/NVD prioritization** so that, starting **April 15, 2026**, it will provide full details only for a **subset of CVEs**. The shift matters because...
NIST CVE/NVD prioritization shift
Public Sector ActionAbout this happening: **NIST** is **changing** its **CVE/NVD prioritization** so that, starting **April 15, 2026**, it will provide full details only for a **subset of CVEs**. The shift matters because...
NIST/NVD risk-based CVE enrichment change
Public Sector Action
First: 16.04.2026 15:43
Last: 16.04.2026 15:43
Sources 1
About this happening:
**NIST** said the **US National Vulnerability Database (NVD)** will switch to a **risk-based CVE enrichment** model to cope with backlog growth. The change will **drop enrichment...
NIST/NVD risk-based CVE enrichment change
Public Sector ActionAbout this happening: **NIST** said the **US National Vulnerability Database (NVD)** will switch to a **risk-based CVE enrichment** model to cope with backlog growth. The change will **drop enrichment...
CISA updates KEV entry for CVE-2026-1731
Public Sector Action
First: 20.02.2026 17:45
Last: 20.02.2026 17:45
Sources 1
About this happening:
**CISA** updated its **KEV catalog** entry for **CVE-2026-1731**, confirming the flaw has been used in **ransomware campaigns** and elevating its government-tracked risk. The upda...
CISA updates KEV entry for CVE-2026-1731
Public Sector ActionAbout this happening: **CISA** updated its **KEV catalog** entry for **CVE-2026-1731**, confirming the flaw has been used in **ransomware campaigns** and elevating its government-tracked risk. The upda...
Timeline
-
11.12.2025 14:00 2 articles · 5mo ago
CISA releases Cross-Sector CPG 2.0
Industry Or Public Sector UpdateThe Cybersecurity and Infrastructure Security Agency (CISA) released version 2.0 of the Cross-Sector Cybersecurity Performance Goals (CPGs), aligning the guidance with NIST Cybersecurity Framework (CSF) 2.0 and expanding coverage of account and device security, data protection, governance, vulnerability management, supply chain risk, and incident response and recovery for critical infrastructure organizations and small and medium-sized organizations.
Show sources
- CISA Unveils Enhanced Cross-Sector Cybersecurity Performance Goals — www.cisa.gov — 11.12.2025 14:00
- CISA Unveils Enhanced Cross-Sector Cybersecurity Performance Goals — www.cisa.gov — 11.12.2025 14:00