CISA CPG v2024
Cross-Sector Cybersecurity Performance Goals
Framework data extracted from the Secure Controls Framework (SCF) v2025.4 Set Theory Relationship Mapping (STRM) files, licensed under CC BY-ND 4.0 . Attribution required per license terms.
38 All
1 — Account Security (9 goals)
2 — Device Security (24 goals)
2.AChange Default Passwords
2.BMinimum Password Strength
2.CUnique Credentials
2.DRevoke Credentials for Departing Staff
2.ESeparate User and Privileged Accounts
2.FNetwork Segmentation
2.GUnsuccessful Login Attempts
2.HMulti-Factor Authentication
2.ICybersecurity Training
2.JOT Cybersecurity Training
2.KStrong Encryption
2.LSensitive Data Protection
2.MEmail Security
2.NMacro Security
2.OIncident Response Planning
2.PIncident Response Testing
2.QHardware and Software Approval
2.RSystem Backups
2.SIncident Response Plan Maintenance
2.TLog Collection and Storage
2.ULog Protection
2.VPortable Media Security
2.WSecure Internet-Facing Assets
2.XOT Internet-Facing Asset Protection