January 31, 2025

Date: December 17, 2024

 Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the National Cyber Director (ONCD) published Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure which provides federal grant-awarding program managers and critical infrastructure owners and operators with tools to both effectively communicate cybersecurity needs and related actions to build cyber resilience into their projects.  

The guide provides actions to build baseline cybersecurity best practices into grant-funded projects and develop long-term strategies to continuously address cybersecurity risk even after the award completes. CISA and ONCD sought to make this Playbook immediately actionable by grant programs by providing model language for inclusion in Notice of Funding Opportunities (NOFOs) and award terms and conditions. Specifically, this guidance contains: 

• Recommended actions to incorporate cybersecurity into grant programs throughout the grant management lifecycle. 

• Model language for grant program managers and sub-awarding organizations to incorporate into NOFOs and Terms & Conditions.  

• Templates for recipients to leverage when developing a Cyber Risk Assessment and Project Cybersecurity Plan. 

• Comprehensive list of cybersecurity resources available to support grant recipient project execution. 

To reduce burden on the grant making agency and on the grant recipient, CISA and ONCD crafted the recommended approach to be maximally flexible for the recipient while providing a mechanism to support baseline cybersecurity best practice inclusion in infrastructure projects.  

Federal grant program managers administrating grants, the state governments, or others sub-awarding grant program funds, and critical infrastructure owners and operators applying for federal grants are encouraged to review and incorporate this guidance. The playbook can be found here on CISA.gov.   

• MS-ISAC is pleased to announce that the recording of the presentations from the SOC Forum, held on December 18, 2024, is now accessible for viewing here.

• CISA

  • Summary for week December 9 

  • Adobe/Microsoft 

  • Summary for week December 16 

  • Palo Alto 

  • Summary for week December 23 

  • Palo Alto Summary for week December 30 

  • Oracle/Mitel 

  • Ivanti 

  • Summary for week January 6 

  • Fortinet 

  • Adobe 

  • Microsoft 

  • Summary for week January 13 

  • JQuery 

  • Sonic Wall 

  • Summary for week January 20 

  • Apple 

• Cybersecurity Discussion

• CoSN Cybersecurity 

• Statewide Cyber Security Insurance

• Power School

  • Hosted vs On Prem

    • Set up geo fencing

  • Power School to reach out to affected schools

• January 2025 Tech Buzz 

• Potential Statewide Identity Theft - Aura