CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs) reflect the federal government’s effort to raise the baseline for basic cybersecurity effectiveness. CPG 2.0 breaks away from the idea of a strict framework, instead establishing a strategic, outcome-driven baseline for cybersecurity performance that cuts across industries, operating environments, and organizational maturity levels.

For CISOs, CIOs, and compliance officers, the value of CPG 2.0 lies in its reframing of cybersecurity as a set of measurable performance expectations anchored in governance and risk management.