The U.S. Cybersecurity and Infrastructure Security Agency published a new Cybersecurity Strategic Plan that will guide CISA’s efforts through fiscal year 2026 Aligned with the White House National Cybersecurity Strategy and nested under CISA’s overall Strategic Plan, the new CISA plan provides a blueprint for how the agency will address current and future cyber threats, help organizations become more secure and resilient, and ensure that technology products are secure by design and default. To this end, the Strategic Plan outlines three enduring goals: 

• Address Immediate Threats by making it increasingly difficult for our adversaries to achieve their goals by targeting American and allied networks; 
• Harden the Terrain by adopting strong practices for security and resilience that measurably reduce the likelihood of damaging intrusions; and 
• Drive Security at Scale by prioritizing cybersecurity as a fundamental safety issue and ask more of technology providers to build security into products throughout their lifecycle, ship products with secure defaults, and foster radical transparency into their security practices so that customers clearly understand the risks they are accepting by using each product. 

Under the plan CISA’s efforts must have have a measurable impact in reducing cybersecurity risk. This emphasis on impact includes the creation of better outcome-based measures of effectiveness. .