CISA releases Cross-Sector CPG 2.0
Public Sector Action
Summary
Hide ▲
Show ▼
The Cybersecurity and Infrastructure Security Agency (CISA) released version 2.0 of the Cross-Sector Cybersecurity Performance Goals (CPGs), updating voluntary guidance for critical infrastructure organizations across sectors. The revision aligns with NIST CSF 2.0 and expands practical advice on governance, vulnerability management, supply chain risk, and incident response and recovery. The update matters because it gives organizations a clearer baseline for improving resilience and prioritizing cybersecurity investments.
Related Happenings
CISA launches ANCHOR-CI critical infrastructure advisory framework
Public Sector Action
H score28
First: 01.07.2026 15:00
Last: 01.07.2026 15:00
Sources 1
About this happening:
**CISA** announced **ANCHOR-CI**, a new advisory-body framework that expands **information sharing** and public-private coordination for **critical infrastructure** security and r...
CISA launches ANCHOR-CI critical infrastructure advisory framework
Public Sector ActionAbout this happening: **CISA** announced **ANCHOR-CI**, a new advisory-body framework that expands **information sharing** and public-private coordination for **critical infrastructure** security and r...
Executive order NSA CISA NIST and Treasury Department created a voluntary pre-release review framework a classified benchmark federal hardening directives and an AI cybersecurity
Public Sector Action
H score26
First: 03.06.2026 14:00
Last: 03.06.2026 14:00
Sources 1
About this happening:
President Donald Trump signed a **June 2 executive order** creating a **voluntary pre-release cybersecurity review** for **covered frontier AI models**, giving the US government a...
Executive order NSA CISA NIST and Treasury Department created a voluntary pre-release review framework a classified benchmark federal hardening directives and an AI cybersecurity
Public Sector ActionAbout this happening: President Donald Trump signed a **June 2 executive order** creating a **voluntary pre-release cybersecurity review** for **covered frontier AI models**, giving the US government a...
CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector Action
H score38
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
About this happening:
**CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...
CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector ActionAbout this happening: **CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...
CISA releases CI Fortify guidance for critical infrastructure resilience
Public Sector Action
H score29
First: 05.05.2026 15:00
Last: 05.05.2026 15:00
Sources 1
About this happening:
CISA released CI Fortify, guidance for critical infrastructure operators across sectors to help keep essential services running during cyberattack or crisis conditions. The framew...
CISA releases CI Fortify guidance for critical infrastructure resilience
Public Sector ActionAbout this happening: CISA released CI Fortify, guidance for critical infrastructure operators across sectors to help keep essential services running during cyberattack or crisis conditions. The framew...
Latest development: 06.05.2026 16:15
CISA launched CI Fortify on Tuesday as a planning framework for critical infrastructure operators in water, energy, transportation and communications to prepare for cyber disruption by disconnecting OT systems from third-party and business networks, maintaining essential services in degraded communications conditions, and recovering compromised systems through backups, component replacement, or a transition to manual operations.
NIST CVE/NVD prioritization shift
Public Sector Action
H score35
First: 17.04.2026 00:47
Last: 17.04.2026 00:47
Sources 1
About this happening:
**NIST** is **changing** its **CVE/NVD prioritization** so that, starting **April 15, 2026**, it will provide full details only for a **subset of CVEs**. The shift matters because...
NIST CVE/NVD prioritization shift
Public Sector ActionAbout this happening: **NIST** is **changing** its **CVE/NVD prioritization** so that, starting **April 15, 2026**, it will provide full details only for a **subset of CVEs**. The shift matters because...
Timeline
-
11.12.2025 14:00 2 articles · 7mo ago
CISA releases Cross-Sector CPG 2.0
Industry Or Public Sector UpdateThe Cybersecurity and Infrastructure Security Agency (CISA) released version 2.0 of the Cross-Sector Cybersecurity Performance Goals (CPGs), aligning the guidance with NIST Cybersecurity Framework (CSF) 2.0 and expanding coverage of account and device security, data protection, governance, vulnerability management, supply chain risk, and incident response and recovery for critical infrastructure organizations and small and medium-sized organizations.
Show sources
- CISA Unveils Enhanced Cross-Sector Cybersecurity Performance Goals — www.cisa.gov — 11.12.2025 14:00
- CISA Unveils Enhanced Cross-Sector Cybersecurity Performance Goals — www.cisa.gov — 11.12.2025 14:00