Laserfiche WebLink
Framework for Improving Critical Infrastructure Cybersecurity <br />When requesting funds for cybersecurity, applicants are encouraged to propose projects that would aid in <br />implementation of all or part of the Framework for Improving Critical Infrastructure Cybersecurity (the <br />" F r a me wo r k " ) d e v e l o p e d b y t h e Na t i o n a l I n s t i t u t e <br />gathers existing international standards and practices to help organizations understand, communicate, and <br />manage their cyber risks. For organizations that do not know where to start with developing a <br />cybersecurity program, the Framework provides initial guidance. For organizations with more advanced <br />practices, the Framework offers a way to improve their programs, such as better communication with <br />their leadership and suppliers about management of cyber risks. <br />CISA's Critical Infrastructure C y b e r Community C3 <br />infrastructure owners and operators to assist in adoption of the Framework and managing cyber risks. <br />Additional information on the Critical Infrastructure Cyber Community C3 Voluntary Program can be <br />found at http://www.cisa.gov/ccubedvp. <br />D H S' s E n h a n c e d C y b e r s e cur i t y e cff&resour�edhat assists iE C S) <br />protecting U.S.-based public and private entities and combines key elements of capabilities under the <br />" De t e c t" a n d " P r o t e c t" f u n c t i o n s t o d e l i v e r <br />Cybersecurity Framework. Specifically, ECS offers intrusion prevention and analysis services that help <br />U.S.-based companies and SLTT governments defend their computer systems against unauthorized <br />access, exploitation, and data exfiltration. ECS works by sourcing timely, actionable cyber threat <br />indicators from sensitive and classified Government Furnished Information (GFI). DHS then shares those <br />indicators with accredited Commercial Service Providers (CSPs). Those CSPs in turn use the indicators to <br />block certain types of malicious t r a f f i c f r o m e n t e r i n g a c o m p a n <br />subscribing to ECS must contract directly with a CSP in order to receive services. Please visit Enhanced <br />Cybersecurity Services (ECS) CISA for a current list of ECS CSP points of contact. <br />THSGP Investment Modifications — Changes in Scope or Objective <br />Changes in scope or objective of the award —including those resulting from intended actions by the <br />recipient or subrecipientsr e q u i r e F E MA' s p r i o r w r i t t e n a p p <br />200.308(c)(1), 200.407. THSGP is competitive, with applications recommended for funding based on <br />threat, vulnerability, and consequence, and their mitigation of potential terrorist attacks. However, <br />consistent with 2 C.F.R § 200.308(c)(1), Change in Scope Prior Approval, FEMA requires prior approval <br />of any change in scope or objective of the grant -funded activity after the award is issued. See 2 C.F.R. § <br />200.308(b), (c). Scope or objective changes will be considered on a case -by -case basis, provided the <br />change does not negatively impact the competitive process used to recommend THSGP awards. <br />Requests to change the scope or objective of the grant -funded activity after the award is made must be <br />submitted via ND Grants as a Scope Change Amendment. The amendment request must include the <br />following: <br />A w r i t t e n r e q u e s t o n t h e r e c i p i e n t', including t <br />the approved projects from the IJ, the funds and relative scope or objective significance allocated <br />to those projects, the proposed changes, and any resulting reallocations as a result of the change <br />of scope or objective; <br />An explanation why the change of scope or objective is necessary; <br />How the proposed scope or objective changes to the project support the vulnerabilities and <br />capability gaps identified in the approved IJ; and <br />p r o g <br />a n <br />y' s n <br />o v a 1 <br />t e r h e <br />���Nos��. e <br />��� <br />FEMA THSGP Appendix 12023 Page B-13 <br />