BIG BEAD Cybersecurity Risk Management


Overview

All BIG BEAD subgrantees, in accordance with the National Telecommunications and Information Administration (NTIA) BEAD Notice of Funding Opportunity (NOFO) and Utah Broadband Center’s (UBC) approved Initial Proposal Vol 2, must meet the following conditions to receive federal funds through this program.

Cybersecurity Plan

Subgrantees must have a cybersecurity risk management plan, either operational or ready to be operationalized, depending on whether they are already providing broadband or telecommunications services.

Compliance with Standards

The plan must align with the latest National Institute of Standards and Technology (NIST) Cybersecurity Framework (Version 1.1) and Executive Order 14028, including security and privacy controls. The latest updates include:

Prepare the Organization: Ensure the organization’s people, processes, and technology are prepared to perform secure software development at the organization level and, in some cases, for each individual project.

Protect the Software: Protect all components of the software from tampering and unauthorized access.

Produce Well-Secured Software: Produce well-secured software that has minimal security vulnerabilities in its releases.

Respond to Vulnerabilities: Identify vulnerabilities in software releases and respond appropriately to address those vulnerabilities and prevent similar vulnerabilities from occurring in the future.

Reevaluation

The plan must be periodically reviewed and updated.

Submission Requirement

The plan must be submitted to UBC before BIG funds are allocated. Any substantive updates require submission of a revised plan to UBC within 30 days of the plan’s revision.

BIG BEAD Supply Chain Risk Management

Supply Chain Risk Management (SCRM) Plan

The prospective subgrantee must have a SCRM plan in place that is either operational, if the prospective subgrantee is already providing service at the time of the grant, or ready to be operationalized if it is not yet providing service at the time of grant award.

Compliance with Standards

The plan must be based on the key practices discussed in the NIST publication NISTIR 8276, Key Practices in Cyber Supply Chain Risk Management: Observations from Industry, and related SCRM guidance from NIST, including NIST 800-161, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. The plan must specify the supply chain risk management controls being implemented.

Reevaluation

The plan must be reevaluated and updated on a periodic basis and as events warrant.

Submission Requirement

The plan must be submitted to UBC before BIG funds are allocated. Any substantive updates require submitting a revised plan to UBC within 30 days of the plan’s revision. UBC must provide a subgrantee’s plan to NTIA upon NTIA’s request.

Eligible Uses of Funding

Network software upgrades, including cybersecurity solutions
Training for cybersecurity professionals working on BEAD-funded networks
If nondeployment funds are available:
User training on cybersecurity, privacy, and digital safety
Computer science, coding, and cybersecurity education programs
