The HSCC Cybersecurity Working Group advises CISA to recognize the many cybersecurity tools and resources developed specifically for the health sector, and that any CISA Common Baseline Cybersecurity Performance Goals should align closely to these health sector resources to minimize confusion in the sector about the preferred frameworks to implement.
The letter was developed by members of the Measurement and Policy Task Groups, and the CWG Executive Committee.
CISA was tasked by a 2021 White House National Security Memorandum with developing common baseline performance goals for critical infrastructure sectors, with an initial emphasis on control systems. The resulting draft product, however, maintains a generalized approach to cybersecurity controls and measures – more on the controls and less on the actual performance measures.
CISA published a request for comment, and HHS asked for health sector groups to submit their comments to HHS for bundling into a single sector transmission to CISA. We submitted the letter to both HHS and CISA.