Customizable

Cybersecurity Performance Goals (CPG) Assessment Training

Format
Other
Location type
Virtual/Online
CPG Information Page
Related topics:
Cybersecurity Best Practices, Organizations and Cyber Safety, Industrial Control Systems

Description

The CPG Training provides an overview of the Cross-Sector Cybersecurity Performance Goals (CPGs) and explains how to perform a CPG assessment using the CSET® tool. 

You will learn how to: 

  • Perform a CPG assessment in CSET®
  • Utilize CPG Performance Summaries
  • Export a CPG assessment

The course takes approximately three hours. Upon successful completion of the course, 0.3 Continuing Education Units are awarded.

Completion of this course does NOT authorize participants to perform CPG assessments on behalf of CISA. 

Technology Requirements: For the course itself, the student does not need much in terms of technology. To take the class, they must have Internet access. 

In order to download the Cyber Security Evaluation Tool (CSET®) or if they'd like to participate in the course exercise where they complete a CSET® exercise, they'll need the following technology requirements (this comes from the CSET® website

Downloading and Installing CSET

CSET® provides a systematic, disciplined, and repeatable approach for evaluating an organization’s security posture. CSET is a desktop software tool that guides asset owners and operators through a step-by-step process to evaluate industrial control system (ICS) and information technology (IT) network security practices. Users can evaluate their own cybersecurity stance using many recognized government and industry standards and recommendations. Learn more about CSET on CISA's Downloading and Installing CSET webpage.

System Requirements: 

The CPG Assessment Training is a web-based and self-paced training. Speakers or headphones are recommended to use for videos shown throughout the course (closed captioning provided). High-speed internet is required.

The Cyber Security Evaluation Tool (CSET®) is required for course exercises. You can download CSET® from https://github.com/cisagov/cset*Note: CISA and DHS users can download CSET® from the Software Center. 

It is recommended users meet the minimum system hardware and software requirements prior to installing CSET®. This includes:

  • Pentium dual core 2.2 GHz processor (Intel x86 compatible)
  • 6 GB free disk space
  • 4 GB of RAM
  • Microsoft Windows 10 or higher
  • Microsoft .NET Core 5.0 Runtime (included in CSET® installation)
  • SQL Server 2019 Express LocalDB (included in CSET® installation)

Note: For all platforms, it is recommended the user upgrade to the latest Windows Service Pack and install critical updates available from the Windows Update website to ensure the best compatibility and security.

CPG Assessment Training Registration: 

Click here to register for the course. Registration difficulties? Email nhs-training@inl.gov. For other questions, contact aestraining@mail.cisa.dhs.gov for assistance. 

Assessment Cross-sector Cybersecurity Performance Goals (CPG)
Purpose Evaluate whether a minimum baseline of cybersecurity technologies and practices are implemented in information technology (IT) and operational technology (OT) environments in small- and medium-sized organizations.
Objectives
  • The Cross-sector Cybersecurity Performance Goals (CPG) training course is designed to empower students to facilitate a CPG assessment using the Cyber Security Evaluation Tool (CSET).
  • The CPGs are a prioritized subset of information technology (IT) and operational technology (OT) cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques.
  • The goals were informed by existing cybersecurity frameworks and guidance, and by real-world threats and adversary tactics, techniques, and procedures (TTPs). CISA and its government and industry partners observed this.
  • By implementing these goals, owners and operators will reduce risks to critical infrastructure operations and to the American people.
  • The assessment process depends on in-person interviews leveraging CSET to track responses, conduct posture analysis, and generate a report.
Role Assessment Lead (AL)
Course Length Three hours
Course Mode Virtual/Online
Course Agenda

Learning Objective (LO)

  • LO1: State the purpose of CPGs.
  • LO2: Describe basic CSET® capabilities.
  • LO3: Demonstrate how to perform a CPG assessment.
  • LO4: Discuss CPG Performance Summaries.
  • LO5: Describe CSET® export capabilities. 

Contact

If you have questions or require assistance, contact aestraining@mail.cisa.dhs.gov

Tags

Audience: Federal Government, Industry, Small and Medium Businesses
Topics: Cybersecurity Best Practices, Industrial Control Systems, Organizations and Cyber Safety, Securing Networks

Related Training