The Cybersecurity and Infrastructure Security Agency (CISA) and Office of the National Cyber Director (ONCD) published a guide yesterday with tools and resources to enable grant-making agencies to incorporate cybersecurity into their grant programs and to enable grant-recipients to build cyber resilience into their grant-funded infrastructure projects. This guide is for federal grant program managers, critical infrastructure owners and operators and organizations such as state, local, tribal, and territorial governments who subaward grant program funds, and grant program recipients.
Given the importance of securing the Nation’s critical infrastructure, the Government has made a historic investment through the passage of the Infrastructure Investment and Jobs Act (IIJA), Inflation Reduction Act (IRA), and Creating Helpful Incentives to Produce Semiconductors (CHIPS) and Science Act. The United States has a unique opportunity and national security imperative to build cyber resilience into this next generation of American infrastructure.
This guide, Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure, helps all grant-making agencies to incorporate cybersecurity requirements into their respective grant programs. It provides tools and resources the grant program can direct applicants towards to support their ability to meet the requirements. Specifically, this guidance contains:
- Recommended actions to incorporate cybersecurity into grant programs throughout the grant management lifecycle.
- Model language for grant program managers and sub-awarding organizations to incorporate into Notices of Funding Opportunity (NOFOs) and Terms & Conditions.
- Templates for recipients to leverage when developing a Cyber Risk Assessment and Project Cybersecurity Plan.
- Comprehensive list of cybersecurity resources available to support grant recipient project execution.
“We are excited to provide this guidance to grant-making organizations, along with our teammates at the Office of the National Cyber Director,” said Jen Easterly, CISA Director. “As organizations seek to take advantage of historic infrastructure grants, it’s critical to ensure the security and resilience of this next generation of American infrastructure in every community across our nation.”
“ONCD, along with our partners at CISA, continues to advocate for cybersecurity to be incorporated into the foundation and design of the Nation’s critical infrastructure,” said Harry Coker Jr., White House National Cyber Director. “As we make investments in rebuilding and updating our infrastructure through funding such as made available from the Investing in America agenda, we have the opportunity and obligation to build in cybersecurity by design. We need infrastructure projects to be shovel ready and cyber ready. That’s why we’re proud that the guidance released today will serve as a helpful resource to help our partners and recipients build cybersecurity into infrastructure projects from the beginning.”
CISA and ONCD developed this playbook to be a minimal burden on the federal grant awarding process. The recommended guidance and actions are flexible for the recipient while providing a mechanism to support inclusion of baseline cybersecurity best practices.
Federal grant program managers administrating grants, the state governments or others sub-awarding grant program funds, and critical infrastructure owners and operators applying for federal grants are encouraged to review and incorporate this guidance.
The playbook can be found here on
The original announcement can be found here.