The Cybersecurity and Infrastructure Security Agency (CISA) has released Cybersecurity Performance Goals (CPG) 2.0, an updated set of measurable, cross-sector cybersecurity actions designed to help critical infrastructure organizations achieve a foundational level of cyber resilience. The update reflects lessons learned since the original release and aligns with the latest revisions to the National Institute of Standards and Technology (NIST) Cybersecurity Framework while addressing today’s most common and impactful threats. A major enhancement in CPG 2.0 is a new emphasis on governance, highlighting accountability, risk management, and the integration of cybersecurity into everyday business operations. CISA underscores that strong governance is essential to building and sustaining a resilient cyber posture. The updated goals are streamlined, outcome-driven, and applicable to both information technology and operational technology environments. Overall, CPG 2.0 provides clear, practical guidance to help organizations prioritize investments, benchmark progress, and measurably reduce cyber risk. For additional information, refer to the newly updated CISA CPGs.