Alex Whitworth, cybersecurity solutions vertical executive at Carahsoft Technology, said the cross-sector cybersecurity performance goals released by the Cybersecurity and Infrastructure Security Agency provide information technology and operational technology practices that could help organizations improve the cyber resilience of critical infrastructure.
These practices are grouped into eight categories, including account security, data security, governance and training and vulnerability management, Whitworth wrote in a blog post published Friday.
He noted that CISA issued the updated CPGs in March in alignment with the functions of the National Institute of Standards and Technology’s Cybersecurity Framework. The CPGs also come with the updated multifactor authentication goal to reflect CISA’s latest guidelines.
Apart from the cross-sector goals, Whitworth cited several best practices that operators of industrial control systems should consider.
These include restricting physical access to ICS devices and networks, implementing unidirectional gates and protecting against unauthorized data changes through network oversight.