DOCUMENT
CISA SED CSRB-Grants Industry Day Brief FINAL 23 Feb 2022.pdf
Posted
March 17, 2022
Type
.pdf
Size
0.74MB
CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY
WELCOME!
CISA Stakeholder Engagement Division
(SED) Virtual Industry Day
23 February 2022
Hosted By the Office of the Chief Acquisition Executive (OCAE)
February 23, 2022
CISA SED Virtual Industry Day - Agenda
Time | Topic | Speaker
1:00pm - 1:05pm | Welcome & Introduction | Dr. Luicana Nicole Turner, Office of the Chief Acquisition Executive (OCAE)
1:05pm - 1:15pm | Opening Remarks | Nitin Natarajan, CISA Deputy Director
1:15pm - 1:20pm | CAE Overview | David Patrick, OCAE Chief Acquisition Executive (A)
1:20pm - 1:30pm | SED Office Overview and Focus Areas | Alaina Clark, Assistant Director, Stakeholder Engagement Division (SED)
1:30pm - 1:55pm | Cyber Safety Review Board (CSRB) | Helen Jackson, SED
1:55pm - 2:10pm | State and Local Cybersecurity Grants | Kevin Dillion, SED
2:15pm - 3:00pm | Breakout Session | SED select personnel
3:05pm - 3:10pm | Summary Remarks | David Patrick, OCAE
3:10pm - 3:15pm | Next Steps | Dr. Luicana Nicole Turner, OCAE
CYBERSECURITY AND INFRASTRUCTURE
SECURITY AGENCY
OPENING REMARKS
NITIN NATARAJAN
CISA DEPUTY DIRECTOR
OFFICE OF THE CHIEF ACQUISITION
EXECUTIVE (OCAE)
DAVID PATRICK
CHIEF ACQUISITION EXECUTIVE (A)
VIRTUAL INDUSTRY DAY FEBRUARY 2022
Office of the Chief Acquisition Executive (OCAE)
Provide mission solutions that are affordable, supportable, and effective.
Support and enable CISA's Homeland Security missions through effective and efficient acquisition program management and procurement.
CHIEF ACQUISITION EXECUTIVE (CAE): DAVID PATRICK
DEPUTY CAE, PROCUREMENT: JUAN ARRATIA
ACTING DEPUTY CAE, BUSINESS OPERATIONS: MEGHAN GILMORE
ACTING DEPUTY CAE, ACQUISITION PROGRAM GOVERNANCE: TIMOTHY RUNFOLA
KEY FUNCTIONS
SUPPORT, EXECUTION, & GOVERNANCE
POLICY & PROCEDURE
WORKFORCE DEVELOPMENT
DATA & REPORTING
ORGANIZATIONAL DEVELOPMENT
STAKEHOLDER ENGAGEMENT DIVISION
OVERVIEW AND FOCUS AREAS
ALAINA CLARK
ASSISTANT DIRECTOR
VIRTUAL INDUSTRY DAY FEBRUARY 2022
UPCOMING OPPORTUNITY:
CYBER SAFETY REVIEW BOARD
HELEN JACKSON
STAKEHOLDER ENGAGEMENT DIVISION (SED)
Cyber Safety Review Board (CSRB) Overview
The Secretary of Homeland Security (Secretary), in consultation with the Attorney General, is
establishing the Cyber Safety Review Board (CSRB) as directed by the Executive Order titled Improving
the Nation's Cybersecurity, and pursuant to the Homeland Security Act of 2002.
Due to the sensitive nature of the subject matter involved, the Secretary exempts the CSRB from Public
Law 92-463, The Federal Advisory Committee Act (FACA), 5 U.S.C. App.
The CSRB shall review and assess, with respect to significant cyber incidents (as defined under
Presidential Policy Directive 41 (PPD-41), United States Cyber Incident Coordination, of July 26, 2016)
affecting Federal Civilian Executive Branch (FCEB) Information Systems or non-Federal system:
threat activity,
vulnerabilities,
mitigation activities, and
agency responses.
CSRB Membership
The CSRB will be composed of no more than 20 standing members who are
appointed by the CISA Director.
Membership shall include at least one representative from the Department of Defense, the
Department of Justice, Department of Homeland Security (DHS), CISA, the National
Security Agency, and the Federal Bureau of Investigation. A representative from the Office
of Management and Budget shall participate in CSRB activities when an incident under
review involves FCEB Information Systems.
The CISA Director, in coordination with the DHS Under Secretary for Strategy, Policy and
Plans, shall appoint individuals from private sector entities to include appropriate
cybersecurity or software suppliers.
CSRB Requirements - Program Management (Draft)
Cybersecurity-Related Administrative, Program Management, and Drafting
Support
Select Contractor Personnel will be required to have a Top-Secret Clearance with
Sensitive Compartmented Information Eligibility.
Provide expertise in developing, supporting and coordinating project timelines and
milestones for the Cyber Safety Review Board.
Provide recommendations for strategic improvements regarding management and
operations of the Board (membership criteria, process flows, etc.).
Support Board activities, including administrative and logistical support for meetings.
CSRB Requirements - Program Management (Draft)
Continued
Cybersecurity-Related Administrative, Program Management, and Drafting
Support
Provide cybersecurity subject matter expertise on a variety of topics in support of Board
activities. Conduct background research and analysis in support of Board activities, to
include consolidation, analysis, and/or editing of technical materials such as reports of
research findings, technical articles, news releases, standard operating procedures,
guidance documents, and regulations.
Develop informational products for internal and external stakeholders in the form of fact
sheets, reports, memos, and recommendations.
Maintain historical information through a properly maintained administrative records
system and ensuring compliance with applicable records management policies.
CSRB Requirements - Cyber Investigative Services (Draft)
Cyber Investigative Services
Collect and analyze public and nonpublic documents, reports, assessments, and
other records regarding cyber incidents under review as requested by CISA
federal staff in support of the Board and the CSRB Subcommittee.
Draft, at the direction of CISA federal staff in support of the Board, requests for
additional nonpublic documents and records related to cyber incidents and
responses to support the development of factual records that can inform Board
recommendations.
CSRB Requirements - Cyber Investigative Services (Draft)
continued
Cyber Investigative Services
Identify subject matter experts for potential interviews or briefings for the Board
and support Board interviews and meetings, as well as Subcommittee meetings,
at the direction of CISA federal staff, by reviewing relevant documents, preparing
outlines of topics and questions, taking meeting notes, summarizing key findings,
and identifying required follow up requests for documents or additional interviews
and briefings.
The above could include CSRB Board and Subcommittee meetings that involve
individuals or entities involved in cyber incidents and responses or who otherwise
have information relevant to reviews conducted by the Board.
Provide other incident review support requested by CISA.
CSRB Requirements - Cyber Forensics Analysis (Draft)
Cyber Forensics Analysis
Review technical documents, reports, assessments, and other records regarding
causes of cyber incidents subject to review or relevant to the cyber incident and
response to support the Board's review.
Provide technical subject matter expertise as required to support activities of the
Board, including related to software and hardware security practices,
vulnerabilities, industry best-practices and standards, IT systems and
management, control systems, and other matters identified by the Board and as
directed by CISA federal staff.
Provide other cyber forensic and technical support required by CISA federal staff.
CSRB Requirements - Analysis and Drafting (Draft)
Analysis and Drafting
Prepare written analysis of cyber incidents and responses as directed by CISA
federal staff in support of the Board, to include factual record of events, technical
analysis of causes and responses to cyber incidents, and as otherwise required to
support the recommendations of the Board.
Draft written summary of factual and technical findings related to cyber incidents
and responses under review.
Prepare, at the direction of CISA federal staff in support of the Board, and subject
to the Board's review, meeting minutes reflecting the deliberations and findings of
the Board.
Provide other analysis and drafting support required by CISA federal staff.
UPCOMING OPPORTUNITY:
STATE AND LOCAL CYBERSECURITY GRANT
PROGRAM
KEVIN DILLION
STAKEHOLDER ENGAGEMENT DIVISION (SED)
Summary of Law
$1B over 4 years
Funds appropriated to FEMA; CISA identified as subject matter expert
Baseline allocation plus population-based allocation formula
80% passthrough to local entities
25% of total state allocation must go to rural communities (49 USC 5302)
Increasing SLTT cost share over time
Multi-entity grants can be made to groups of eligible entities
Defined uses of funds
Develop and revise Cybersecurity Plan
Implement Cybersecurity Plan (including individual projects)
Grant administration (5%)
Eligible entities: States, territories and tribes (25 USC 5131); subawards made to local entities
Address imminent cybersecurity threats, as confirmed by the Secretary, acting through the Director
Fund any other appropriate