Abstract
The U.S. Department of Homeland Security officially released the Cross-Sector Cybersecurity Performance Goals (CPG) on October 28, 2022. This document addresses problems that arose during implementation of the Cybersecurity Framework (CSF) over nearly the past decade, focuses on the scientific evaluation of the effectiveness of critical infrastructure protection, creatively combines the cost-effectiveness and performance of security measures, and guides organizations with differing cybersecurity postures to make reasonable and effective investments in cybersecurity protection. Starting from the background of the CPG, this paper introduces its main content and future development trends, analyzes the CPG technical documents, discusses the relationship between the CPG and the existing CSF and how they are used, and finally makes a preliminary assessment of the CPG's impact on the security protection of critical infrastructure.
Authors
Shan Boshen (单博深); Zuo Xiaodong (左晓栋)
School of Cyber Science and Technology, University of Science and Technology of China, Hefei, Anhui 230041; School of Public Affairs, University of Science and Technology of China, Hefei, Anhui 230041
Source
Industry Information Security (《工业信息安全》)
2022, Issue 10, pp. 13-18 (6 pages)
Keywords
CPG
Critical Information Infrastructure Protection
Security Performance