Yesterday, CISA released their “Cybersecurity Performance Goals Adoption Report”, highlighting the benefits that the Cybersecurity Performance Goals (CPGs) have incurred on U.S. critical infrastructure. The CPGs are based on 7,791 critical infrastructure organizations enrolled in CISA’s Vulnerability Scanning service between August 1, 2022 and August 31, 2024.

Importantly, CISA identifies the water and wastewater systems sector as one of four critical infrastructure sectors most impacted by CPG adoption. WaterISAC has repeatedly used and encouraged the adoption of CISA’s CPGs in many of our engagements, most notably in the 12 Cybersecurity Fundamentals for Water and Wastewater Utilities which includes extensive incorporation of the CPGs mapped throughout. Access the full report at CISA.