The Stakeholder Engagement Division (SED), Partnerships Branch seeks to award a new cooperative agreement titled “State, Local, Tribal and Territorial (SLTT) High Value Asset (HVA) Pilot” in fiscal year 202 0. The activities contemplated in this agreement advance CISA’s mission as
defined by authorities within the Homeland Security Act of 2002, as amended by the Cybersecurity and Infrastructure Security Agency Act of 2018, specifically regarding providing shared situational awareness to enable real-time, integrated, and operational actions across the Federal Government and non-Federal entities to address cybersecurity risks and incidents, as well as providing information and recommendations on security and resilience measures to Federal and non-Federal entities to facilitate information security and strengthen information systems against cybersecurity risks and incidents.Justification:
the nature of the cybersecurity threat to America is growing, and our nation’s cyber adversaries move with speed and stealth.
To keep pace, SLTT agencies need to be able to identify, categorize, and prioritize their HVAs in order to protect these assets from compromise, subsequently protecting HVAs that are so critical to an organization that the loss of access or corruption of these assets would have serious impact to the organization’s ability to perform its mission or conduct business.
Key to this effort, SLTT jurisdictions require guidelines, templates, and tools to facilitate implementation of these processes within the context of their own risk management framework, available resources, and authorities.The purpose of this Cooperative Agreement is to establish a HVA pilot that aligns with the Federal Government’s HVA programs (reference Office of Management and Budget memo M-17-09 found at https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2017/m-17-0 9. pdf and CISA Binding Operational Directive found at https://cyber.dhs.gov/assets/report/bod-19-0 2. pdf ) and is flexible enough to be implemented by SLTT jurisdictions based on their individual requirements.
The outcomes of this cooperative agreement will provide standardized methods for the identification, categorization, and prioritization of high value assets, and provide guidance, templates, and tools to mitigate risk associated with identified vulnerabilities.