Cybersecurity guardrails developed by the Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency have been issued for grant-funded infrastructure projects, the White House announced Tuesday. The guidance sets the tools and resources for incorporating cybersecurity into grant programs and building cyber resilience in infrastructure projects, the announcement said.
The 75-page guide, titled “Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure,” serves as a roadmap for both grant-issuing agencies and award recipients, as well as critical infrastructure owners and operators.
Table of Contents
Complementary to Investing in America Agenda
Issued as the Biden Administration is pursuing the Investing in America agenda focused on infrastructure development and rebuilding, the guidance fills the government’s obligation to build in cybersecurity by design, Harry Coker, White House national cyber director, said.
“As organizations seek to take advantage of historic infrastructure grants, it’s critical to ensure the security and resilience of this next generation of American infrastructure in every community across our nation,” remarked CISA Director Jen Easterly, a 2024 Wash100 awardee.
Cyber Plan Templates and Model Language
The playbook recommends cybersecurity steps throughout the management lifecycle of the grant programs, including assessment processes on project cyber risks and corresponding cybersecurity plans. In addition, the guide provides templates that grant awardees can use in developing cyber risk assessments and project cybersecurity plans.
For grant program managers and sub-awarding entities, the guidance recommends the model language for their notices of funding opportunity and grant terms and conditions. The guide also provides the resources available to support grant awardees’ project execution, such as the CISA Cybersecurity Performance Goal Checklist Adapted for Grant Recipients.