CISA and Cross-Sector Cybersecurity Performance

Feb 12, 2026 Lazarus Alliance 0 Comment

CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs) reflect the federal government’s effort to raise the baseline for basic cybersecurity effectiveness. CPG 2.0 breaks away from the idea of a strict framework, instead establishing a strategic, outcome-driven baseline for cybersecurity performance that cuts across industries, operating environments, and organizational maturity levels.

For CISOs, CIOs, and compliance officers, the value of CPG 2.0 lies in its reframing of cybersecurity as a set of measurable performance expectations anchored in governance and risk management.

Tech Debt and Reliance on Open-Source Security

Jan 21, 2026 Lazarus Alliance 0 Comment

A long, rainbow-colored digital USB plugged into a laptop.

Open-source software is the cornerstone of most IT platforms and infrastructure. This reliance extends beyond major applications; most software worldwide relies, in part, on even the smallest OSS library that solves a critical problem.

For businesses subject to FedRAMP, CMMC, and other federal jurisdictions, this is a solid way to plan their compliance. As we’re seeing, however, OSS is just as vulnerable as other software (if not more) due to the nature of decentralized development. This has become such an issue that even members of Congress are starting to pay attention.

Why Risk Reduction Matters for Compliance

Jan 16, 2026 Lazarus Alliance 0 Comment

A blue key inserted into a loc on a shield symbol.

Federal cybersecurity has long since moved beyond compliance for its own sake. Still, one of the most persistent and dangerous mistakes organizations continue to make is equating compliance with security.

This article repeats a common message that we’ve been hammering home for years: that risk reduction, not box-checking, must be the organizing principle of modern cybersecurity programs, particularly for organizations operating in regulated or government-adjacent environments.