Now that the cross-sector CPGs have been published, CISA is working with Sector Risk Management Agencies (SRMAs) to directly engage with each critical infrastructure sector to develop Sector-Specific Goals (SSGs). In most instances, these goals will likely consist of either new, unique additional goals with direct applicability to a given sector, or, materials to assist sector constituents with effective implementation of the existing cross-sector CPGs. Sector-specific goals will be developed by:
- Identifying any additional cybersecurity practices, not already included in the Common Baseline, needed to ensure the safe and reliable operation of critical infrastructure in that sector.
- Providing examples for recommended actions specific to the infrastructure and entities in that sector; and
- Mapping any existing requirements (e.g., regulations or security directives) to the Common Baseline and sector-specific objectives and/or recommended actions so stakeholders can see how their existing compliance practices fulfill certain objectives.
As there are 16 Critical Infrastructure sectors with varying needs, CISA will be tackling this effort in several phases. The first four sectors CISA is working with include the Energy, Financial Services, IT, and Chemical Sectors. In addition, CISA will be working throughout the year with the Water/Wastewater Sector, Healthcare Sector, and K-12 Subsector on identifying approaches for how organizations in those sectors/subsector can enhance their cybersecurity posture through implementation of the existing body of cross-sector goals.
To achieve its sector-specific goals development aims, CISA intends to actively engage with sector stakeholders, including holding multiple development workshops. While Sector Coordinating Councils (SCCs) will be one conduit for part of this outreach, CISA is committed to working closely with SRMAs to ensure that development of all sector-specific materials is done in an open and collaborative fashion, that includes participation from stakeholders of varying size and perspective.
More information on the sector-specific goals will be provided as efforts progress.
