DHS Announces Performance Goals for Cybersecurity Framework

The Integrated Task Force, in collaboration with its private sector partners, has developed the National Performance Goals for the NIST Cybersecurity Framework as called for in Executive Order 13636.

The Performance Goals apply to organizations adopting the Framework, encourage progress toward national-level outcomes achieved in part by widespread adoption of the Framework, and emphasize the importance of an enterprise risk management strategy that associates cybersecurity investments with enterprise business plans.

The goals are:

1. Critical systems and functions are identified and prioritized and cyber risk is understood as part of a risk management plan.
2. Risk-informed actions are taken to protect critical systems and functions.
3. Adverse cyber activities are detected and situational awareness of threats is maintained.
4. Resources are coordinated and applied to triage and respond to cyber events and incidents in order to minimize impacts to critical systems and functions.
5. Following a cyber incident, impacted critical systems and functions are reconstituted based on prior planning and informed by situational awareness.
6. Security and resilience are continually improved based on lessons learned consistent with risk management planning.

Organizations should view the Performance Goals as guideposts to adopting the Framework that will encourage movement in a common direction and promote the reliability and integrity of critical functions in the face of most cyber incidents.

To learn more about the Performance Goals, please email EO-PPDTaskForce@dhs.gov.

