RegScale Announces Support for the CISA Cross-Sector Cybersecurity Performance Goals (CPG)

February 2, 2023 | By J. Travis Howerton

In July 2021, President Biden signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. This memorandum required CISA, in coordination with the National Institute of Standards and Technology (NIST) and the interagency community, to develop baseline cybersecurity performance goals that are consistent across all critical infrastructure sectors. These voluntary cross-sector Cybersecurity Performance Goals (CPGs) are intended to help establish a common set of fundamental cybersecurity practices for critical infrastructure, and especially help small- and medium-sized organizations kickstart their cybersecurity efforts.

The CPGs are a prioritized subset of IT and operational technology (OT) cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques. The goals were informed by existing cybersecurity frameworks and guidance, as well as the real-world threats and adversary tactics, techniques, and procedures (TTPs) observed by CISA and its government and industry partners. By implementing these goals, owners and operators will reduce risks not only to critical infrastructure operations, but also to the American people.

At RegScale, we give critical infrastructure providers easy and free tools to get started with building a fully compliant CISA CPG program, with support for tracking policies, related assessments, evidence collection, issues management/performance improvement, and other related workflows. As of February 2, 2023, RegScale officially supports the CISA CPG as a catalog within our platform, with automated tools/wizards for building compliant critical infrastructure programs. In addition, we have published multiple machine-readable formats of the CISA CPG, including raw JSON and NIST OSCAL, that are available upon request. These artifacts are freely available for others to reuse in their compliance automation programs.

Schedule a free demo today to learn how RegScale can help you continuously meet your critical infrastructure security requirements. If you are ready to start automating your compliance processes for creating and managing CISA CPG requirements in your critical infrastructure program, this demo will also show how you can leverage RegScale to deliver continuous compliance. In addition to offering free tools, we have experienced compliance professionals who can assist you in creating robust CISA CPG compliance artifacts that will help you pass audits and reduce your risk with ease. With RegScale, our customers get software with a service that provides a concierge-like experience for reducing risk related to their critical infrastructure systems.
