Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

SLCGP Additional Requirements

Must participate in the Nationwide Cybersecurity Review (NCSR)

https://www.cisecurity.org/ms-isac/services/ncsr

  • It opens October through February.

  • All FY 2022 SLCGP subrecipients are required to complete the National Cybersecurity Review (NCSR) assessment each year of your grant performance period. 

  • An NCSR can be performed for a group of entities as long as we list all entities on the applicable form area. This means that if all our entities follow our same standards we can perform on NCSR for all SLCGP recipients.

  • PLEASE READ the specific NCSR Guidance here:

    • Please continue to submit the completion certificates to EMD_HSGP@michigan.gov  and for tracking and documentation purposes, and we the suggested due date is December 31, 2024.

       

      Below are some important reminders for consideration around the NCSR participation timeline:

    • Although MSP EMHSD has a suggested internal deadline of December 31, 2024, the assessment will remain open until February 28, 2025 for compliance purposes.

    • Participants must register at the website https://www.cisecurity.org/ms-isac/services/ncsr/ . Emailed requests for registration will not be considered.

    • For consistency purposes, MS-ISAC will not be able to change the name of an organization that has previously participated.

    • A participant is not required to send their entire assessment and responses to MSP-EMHSD, as their NCSR data is confidential.

    • IT or security contacts are encouraged to complete the NCSR rather than grant managers as the NCSR is an IT assessment.

    • An NCSR submission can cover multiple entities who receive HSGP funding. Participants should enter all “Legal Agency Names” within the appropriate question to account for all entities covered under the submission.

    • Once the 2024 NCSR officially closes, the aggregated data is used in a Summary Report that is designed to measure the gaps and capabilities of SLTT governments’ cybersecurity programs. The following page includes additional information on the NCSR: https://www.cisecurity.org/ms-isac/services/ncsr/ .

       

      For additional questions or assistance, please email NCSR@cisecurity.org.

Must sign up for CISA Vulnerability Scanning Services and ALSO request interest in Web Application Scanning.

  • To: Vulnerability_Info <Vulnerability_Info@cisa.dhs.gov>
    Subject: Requesting Cyber Hygiene Services – SLCGP for (school district here)

    CISA,

    We as the <school district here> would like to request Cyber Hygiene and Web Application Scanning services as required by the SLCGP grant. We look forward to participating in this wonderful program.

  • Then fill out and submit these froms when they reply with a ticket for your request

    • FAQ on signup

      View file
      name1 - CyHy Vuln Scanning 2022.pdf

    • Cyber Hygiene scan Application:

      View file
      nameAcceptance Letter - Cyber Hygiene - SLTT_PS v5 .pdf

    • Cyber Assessment Form:

      View file
      nameCISA Cyber Hygeine Services and Web Application Scanning Fact Sheet.pdf

  • Web Application Scanning form Info

    • Fact Sheet:

      View file
      nameCISA Cyber Hygeine Services and Web Application Scanning Fact Sheet.pdf

    • Application:

      View file
      nameWebAppScanningApplication - WAS_AppA_SLTT.pdf

    • Sample report from Web App Scanning:

      View file
      nameSample WAS Report.pdf