In May of 2021, the Biden Administration issued its Executive Order on Cybersecurity and began the process of guiding agencies toward improving their security posture. Since then, the government has taken additional steps for reducing risk and preventing costly data breaches – including offering a new grant designed to help agencies fortify their cybersecurity defenses across the board. State, local, and territorial (SLT) governments are up against notable challenges in cybersecurity communication and preparedness, which means critical infrastructure and sensitive networks are at risk unless security posture improves.
Following the requirements within the State and Local Cybersecurity Grant Program (SLCGP) sets agencies on the right path to a more robust security posture. The grant will appropriate $1 billion to awardees over four years, enabling agencies to improve their cybersecurity resources and more adequately defend their systems and sensitive information against risk. However, the SLCGP comes with strict requirements for approval, which means that government agencies must start preparing for the application process today if they want to be considered for funding.
Invicti can help meet grant requirements and improve security posture
While agencies work to prepare their grant applications, Invicti’s experts are on hand to help them meet SLCGP conditions, and we’ve prepared a comprehensive guide to cybersecurity grant requirements. As a leader in dynamic application security testing (DAST) with products built on accuracy, we’re uniquely positioned to check off many of the core prerequisites that SLTs need to demonstrate when applying for the grant, including:
- Managing, monitoring, and tracking all systems, applications, and user accounts. Often operating within large ecosystems of websites and applications, many of which don’t have the right levels of access control for the right users, government agencies need a way to more easily manage and monitor everything they have. With Invicti features like continuous asset discovery, website groups, and role-based access control, security teams have greater insight into their attack surface and can provide the right level of access to security data for various users.
- Enhancing preparedness against cybersecurity threats and risks. When it comes to preparing for a breach or cyberattack, it’s all about speed and efficiency. With Invicti, agencies benefit from shorter scan times, more accurate results, and a wide array of integrations that plug right into development workflows. That means vulnerabilities are remediated quickly without needing as much manual intervention as with less integrated systems. With a combination of dynamic application security testing (DAST), interactive application security testing (IAST), and software composition analysis (SCA), Invicti’s tools provide deeper insights into runtime issues while also finding and testing local assets that traditional scanners don’t see.
- Following best practices for security to enhance and improve posture. In order to keep up with cybersecurity needs while improving security posture all around, agencies must bring best practices into the fold. Best practices help reduce the number of vulnerable applications and guide implementation of the right integrations into existing workflows so that development doesn’t have to slow down. Additionally, Invicti’s flexible policy features mean that agencies can create bespoke scan policies and reports tailored to specific compliance needs for a personalized approach. By centering their application security program around Invicti, state and local governments can more easily demonstrate application security compliance while keeping core best practices at the foundation of everything they do.
- Establishing a review process for greater alignment on objectives. Both security professionals and developers are critical pieces of the puzzle when it comes to web application security. If they want to work well together, they need proper alignment on processes, tools, and systems – and that’s where Invicti steps in. Invicti can help guide agencies to better align their teams so everyone understands why application security is so important, which areas they need to focus on for development, and which team members are best suited to help lead security efforts across the organization.
Many of the requirements within this grant speak to improved communication and information-sharing – both crucial benefits of effective DevSecOps. For agencies that need to revamp their DevSecOps strategies, Invicti’s Trend Matrix report helps achieve an ideal workflow by providing an overview of evolving risks at a glance and detailed information on when vulnerabilities are found and fixed.
Flexible policies and reporting options mean that agencies can customize their approach to cybersecurity management as they improve DevSecOps and more easily comply with standard policies. With these efforts in motion, alignment between teams, tools, and processes becomes a reality, and security posture improves over time.
How to meet the deadline for this grant program
In order to be considered for the grant, eligible SLT entities must submit a final application on Grants.gov by November 15th, 2022, establish a Cybersecurity Planning Committee, and submit a plan to meet 16 predefined requirements. The Cybersecurity Plan must include the following:
- Existing plans for safeguarding the agency against cybersecurity risks and threats to systems owned and operated by the SLT.
- The ways that input from local governments was incorporated into the plans.
- Everything in the Required Elements section in Appendix C of the Notice of Funding Opportunity (NOFO).
- Outlined responsibilities for individual state and local governments implementing the Cybersecurity Plan.
- Assessments of the key required elements and their impacts from the perspective of the entire entity, along with outlined resources and a timeline for implementing the plan.
- Summarized associated projects and metrics to measure progress.
To learn more about this grant and how Invicti can help government agencies prepare, download our helpful guide to cybersecurity grant requirements and the steps agencies can take to fulfill them.