State and Local Cybersecurity Grant Program (SLCGP)
The State and Local Cybersecurity Grant Program (SLCGP) has introduced an unprecedented opportunity for governments below the federal level to apply whole-of-state cybersecurity models to meet the persistent cyber threats they face. Information on the grant program, which is administered by the US Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA), can be found at cisa.gov/cybergrants. FAQs are available at https://www.cisa.gov/cybergrants-faq and https://www.fema.gov/sites/default/files/documents/fema_slcgp-faq_112022.pdf.
One of the requirements of the grant program is a State Cybersecurity Plan. The MS- and EI-ISAC, the Center for Internet Security (CIS), and CISA can support many of the required elements of your State Cybersecurity Plan, as follows.
Manage, monitor, and track information systems, applications, and user accounts
CIS | MS-ISAC
No-Cost Offerings
Fee-Based Offerings
CISA Offerings
Open Source Offerings
Asset Inventory Tools:
- Snipe-IT
- Open-AudIT
- Nmap
- Zenmap
Identity Access Mgmt & MFA Tools:
- Authentik
- Ory
- PrivacyIDEA
Best Practices
- Asset inventory tool
- Identity Access & Management solution
- Multi-Factor Authentication (MFA)
Monitor, audit, and track network traffic and activity to/from information systems, applications, and user accounts
CIS | MS-ISAC
No-Cost Offerings
- 24x7x365 Security Operations Center
- Albert Network Monitoring (States and Election Infrastructure – for approved entities)
- Malicious Domain Blocking & Reporting (MDBR) (domain monitoring)
- ISAC Threat Notification Service (IP and domain monitoring)
Fee-Based Offerings
- Albert Network Monitoring and Management
- CIS Managed Security Services (log monitoring)
- CIS Endpoint Security Services (host monitoring)
- Malicious Domain Blocking & Reporting Plus (MDBR+)
CISA Offerings
Open Source Offerings
Network Monitoring Tools:
- ELK stack
- pfSense
- Snort
- Suricata
- OpenNAC
- PacketFence
Data Breach Detection & Response:
- OpenDLP
Security Incident & Event Mgmt (SIEM) Tools:
- SIEM Monster
- AlienVault OSSIM
- Google GRR Rapid Response
- Security Onion
- Wazuh
Best Practices
- Security Incident & Event Management
- Consolidated log storage
- Network segmentation
Enhance preparation, response, and resiliency of information systems, applications, and user accounts
CIS | MS-ISAC
No-Cost Offerings
- CIS Controls/Companion Guides
- CIS Benchmarks
- CIS SecureSuite (CIS-CAT Pro, CIS Build Kits, CIS CSAT/CSAT Pro)
- CIS RAM
- CIS CSAT Ransomware Business Impact Analysis tool
- ISAC sample policies and policy templates
Fee-Based Offerings
CISA Offerings
- Cyber Resiliency Review
- CISA & MS-ISAC Joint Ransomware Guide
- Ransomware Readiness Assessment
Open Source Offerings
- OpenSCAP
- RANCID
- Zabbix
- Hive/Cortex
- SIFT Workstation
Best Practices
- Secure builds
- Monitoring
- Disaster recovery site
- Offline backups
- Network segmentation
- MFA
Implement continuous cybersecurity vulnerability assessments and threat mitigations prioritized by risk severity
CIS | MS-ISAC
No-Cost Offerings
- ISAC Cybersecurity Advisories
- ISAC Cyber Threat Intelligence (CTI) Products & Real-Time Threat Feeds
- ISAC Threat Notification Service (IP and domain monitoring)
- EI-ISAC Coordinated Vulnerability Disclosure Program
Fee-Based Offerings
CISA Offerings
- Cyber Hygiene ("CyHy")
- Known Exploited Vulnerability Catalog
- National Cybersecurity and Communications Integration Center
- Automated Indicator Sharing
Open Source Offerings
- OpenVAS
- MISP
Best Practices
- Regular vulnerability scans focused on externally facing and critical systems
- Regular patch and configuration management
- Change control processes
Ensure adoption and use of best practices and methodologies to enhance cybersecurity, such as the practices set forth in the NIST Cybersecurity Framework, the cyber supply chain risk management best practices identified by NIST, and knowledge bases of adversary tools and tactics
CIS | MS-ISAC
No-Cost Offerings
- CIS Controls/Companion Guides/Mappings
- CIS Benchmarks
- EI-ISAC Endpoint Detection & Response
- Malicious Domain Blocking & Reporting (MDBR)
- ISAC Cyber Threat Intelligence (CTI) Products & Real-Time Threat Feeds
- CIS Community-based Defense-in-Depth model
Fee-Based Offerings
- Malicious Domain Blocking & Reporting Plus (MDBR+)
- CIS Endpoint Security Services
- CIS CyberMarket
CISA Offerings
Open Source Offerings
Best Practices Frameworks & Resources:
- NIST Cybersecurity Framework
- MITRE ATT&CK
- StateRAMP
Best Practices
Promote delivery of safe, recognizable, and trusted online services, including through use of the GOV domain
CIS | MS-ISAC
No-Cost Offerings
Fee-Based Offerings
- Malicious Domain Blocking and Reporting Plus (MDBR+)
CISA Offerings
Open Source Offerings
- N/A
Best Practices
- DMARC/DKIM/SPF
- DNSSEC
- HTTPS
- MFA and strong passwords
Ensure continuity of operations in the event of a cybersecurity incident, including by conducting exercises to practice responding to a cyber incident
CIS | MS-ISAC
No-Cost Offerings
- Cyber Incident Response Team (CIRT)
- CIS CSAT Ransomware Business Impact Analysis tool
- Business Resiliency Work Group Tabletop Exercise (TTX)
- ISAC Incident Response and other policy templates
Fee-Based Offerings
- N/A
CISA Offerings
- CISA & MS-ISAC Joint Ransomware Guide
- CISA Exercise Team
Open Source Offerings
- N/A
Best Practices
- Establish and test incident response and disaster recovery policies and procedures
Use NIST NICE to identify and mitigate cyber workforce gaps, enhance cyber recruitment and retention, as well as improve knowledge, skills, and abilities through cyber training
CIS | MS-ISAC
No-Cost Offerings
- U.S. Cyber Challenge
- SOC Apprentice Program
- MS-ISAC Leadership Mentorship Program
- ISACs Annual Meeting
- MS-ISAC working groups
- MS-ISAC monthly webinars, training, & education
Fee-Based Offerings
CISA Offerings
- FedVTE
- ICS-CERT Virtual Learning Portal
Open Source Offerings
- N/A
Best Practices
- Keep technical skills of your team sharp
- Develop a “culture of learning and development”
- Maintain high awareness of common attacks for all staff
Ensure continuity of communications and data networks in the event of an incident involving those communications or data networks
CIS | MS-ISAC
No-Cost Offerings
- Nationwide Cybersecurity Review (NCSR)
- Foundational Assessment
- CIS-CAT Pro
- CIS CSAT/CSAT Pro
- CIS RAM
- CIS CSAT Ransomware Business Impact Analysis tool
Fee-Based Offerings
CISA Offerings
- External Dependencies Management Assessment
Open Source Offerings
- N/A
Best Practices
- High availability solutions
- Disaster recovery
- Offline backups
Assess and mitigate cyber risks and threats to critical infrastructure and key resources
CIS | MS-ISAC
No-Cost Offerings
- Nationwide Cybersecurity Review (NCSR)
- Foundational Assessment
- CIS-CAT Pro
- CIS CSAT/CSAT Pro
- CIS RAM
- CIS CSAT Ransomware Business Impact Analysis tool
Fee-Based Offerings
CISA Offerings
- Cyber Resiliency Review
- Cyber Infrastructure Survey
Open Source Offerings
- Google’s GRR Rapid Response framework
- AlienVault OSSIM
- SIFT Workstation
- The Hive Project
Best Practices
Enhance capabilities to share cyber threat indicators and related information between the state/territory and local governments and/or DHS
CIS | MS-ISAC
No-Cost Offerings
- MS-ISAC membership
- EI-ISAC membership
- Malicious Code Analysis Platform (MCAP)
- ISAC Cyber Threat Intelligence (CTI) Products & Real-Time Threat Feeds
Fee-Based Offerings
- N/A
CISA Offerings
- Malware Next Gen (MNG)
- Automated Indicator Sharing (AIS)
Open Source Offerings
- MISP
- Hive/Cortex
Best Practices
- Use community awareness and open sharing of threat
Leverage cybersecurity services offered by DHS
CIS | MS-ISAC
No-Cost Offerings
- MS-ISAC membership
- EI-ISAC membership
- Malicious Domain Blocking & Reporting (MDBR)
- EI-ISAC Endpoint Detection & Response
- Albert Network Monitoring (States and Election Infrastructure – for approved entities)
- Cyber Threat Intelligence (CTI)
- CIS Security Operations Center (SOC)
- Malicious Code Analysis Platform (MCAP)
- Nationwide Cybersecurity Review (NCSR)
- ISAC Cybersecurity Advisories
- ISAC Cyber Threat Intelligence (CTI) Products & Real-Time Threat Indicator Feeds
Fee-Based Offerings
- N/A
CISA Offerings
- Cyber Resource Hub
Open Source Offerings
- N/A
Best Practices
- N/A
Implement an IT and OT modernization cybersecurity review process that ensures alignment between IT and OT objectives
CIS | MS-ISAC
No-Cost Offerings
- N/A
Fee-Based Offerings
- N/A
CISA Offerings
- ICS CERT recommended practices
- ICS training
- Cyber Security Evaluation Tool (CSET)
Open Source Offerings
- Critical Infrastructure Protection Training from Idaho National Labs
Best Practices
- N/A
Develop and coordinate strategies to address cyber risks and threats in consultation with local governments and, as applicable, neighboring states/territories, ISAC members, and neighboring countries
CIS | MS-ISAC
No-Cost Offerings
Fee-Based Offerings
- N/A
CISA Offerings
- N/A
Open Source Offerings
- Critical Infrastructure Protection Training from Idaho National Labs
Best Practices
- N/A
Ensure adequate access to and participation in items covered by the grant by rural areas
CIS | MS-ISAC
No-Cost Offerings
- N/A
Fee-Based Offerings
- N/A
CISA Offerings
- N/A
Open Source Offerings
- N/A
Best Practices
- N/A
Distribute funds, items, services, capabilities, and/or activities to local governments
CIS | MS-ISAC
No-Cost Offerings
- N/A
Fee-Based Offerings
- N/A
CISA Offerings
- N/A
Open Source Offerings
- N/A
Best Practices
- N/A