Zero-cost Tools and Services for CISA CPG Third-party Validations

The Cybersecurity Performance Goals (CPGs) from the Cybersecurity and Infrastructure Security Agency (CISA) were designed to help establish a common set of fundamental cybersecurity practices for public and private sector critical infrastructure in the United States.

The CPGs are organized into five focus areas (Identify, Protect, Detect, Respond, and Recover) with all CPGs listed as subsections inside one of the five areas.

CISA recommends taking advantage of third-party validation options to help identify cybersecurity gaps. Many of these options are available for no cost through CISA itself or through U.S companies.

Below you’ll find information some zero-cost, third-party validation options mapped to the relevant CPG as numbered by CISA.

See this link for the full list of CPGs from CISA.


IDENTIFY: CPG #1.E Mitigating Known Vulnerabilities


IDENTIFY: CPG #1.F Third-Party Validation of Cybersecurity Control Effectiveness


PROTECT: CPG #2.B Minimum Password Strength & #2.C Unique Credentials


PROTECT: CPG #2.P Document Network Topology


PROTECT: CPG #2.R System Backups


PROTECT: CPG #2.S Incident Response Plans


PROTECT: CPG #2.W No Exploitable Services on the Internet


DETECT: CPG #3.A Detecting Relevant Threats and TTPs (Tactics, Techniques, and Procedures)


RESPOND: CPG #4.A Incident Reporting


RESPOND: CPG #4.C Deploy Security.txt Files


RECOVER: 5.A Incident Planning and Preparedness


Ready to Get Started?

With more than 30 years of real-world experience in network, security, cloud, and data center technologies, Trinsio’s team of best-in-class technologists are here to help.

Trinsio offers many complementary services to help you get started as you strive to meet CISA’s guidance on third-party validations for various cybersecurity protections in the CPGs.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *