Hello!
As one of Government Technology Solutions state and local government customers I've written you to keep you informed about the U.S. Department of Homeland Security Cyber Security Grant Funding process and requirements for Fiscal Year 2006.
The information here relatates to the "FY 2006 Homeland Security Grant Program, Program Guidance and Application Kit". It can be downloaded in Adobe .pdf format by clicking on the link.
I have carefully reviewed the program requirements and would like to bring to your attention several areas that might be of particular interest. It is important that you know who at your state level is the primary contact for DHS grant funds. If you do not know who that is please find that, out as each state has their own internal guidelines and you will need to adhere to those.
This year, for the first time, “Developing or Enhancing Cyber Security Plans and Developing or Enhancing Cyber Risk Mitigation Plans” is encouraged and are specific grant categories (page 71 of the kit). If adding solutions to your Information Assurance (IA) tool box are part of your plans this year, this is the best time to see if you can get funding assistance from the Federal Government. Since all State and Local Government local networks have at least a minimal connection to Federal network infrastructure, this is a true win-win for agencies like yours.
Last year I had a series of meetings with DHS officials to propose adding Cyber Security to the grant check list. They agreed that it made sense, asked for suggestions from us and our state and local government customers. I'm pleased to report that, based on that feedback, they have implemented it for Fiscal Year 2006. To help our state and local Government customers navigate through this process I have put together the following suggestion list. Obviously, we can't guarantee the success of your application – nor commit that we can influence its acceptance. But we are familiar with most of the requirements and guidelines that have been incorporated into the programs requirements list. I believe that the closer you adhere to this list, the better your chances of success in receiving grant dollars.
With the above in mind, here are my suggestions:
- Note that on page 24 (Section B.5), DHS is REQUIRING XML support, via the National Information Exchange Model (NIEM). While any organization that has deployed Microsoft Office is using XML on the Desktop, this creates an opportunity to request XML security tools to support the DHS required NIEM. Under the Cyber Security guidelines, Anti-Virus, IDS, and traditional Information Assurance (IA) security tools are spelled out as acceptable product types. NONE of these today support XML natively. The only tool we are aware of that allows all existing IA tools to scan/read XML data is Microdasys XMLRay. Thus a request for XMLRay referencing the NIEM as the justification would likely be accepted with a higher level of success.
- On page 26 (B.5), The National Strategy to Secure Cyberspace is referenced. Should you need a copy contact me or click on the link you see here. Page 28 of this document discusses the importance of the FBI Infragard program. If you are not a member of this program urge you to join ! I'm a member and receive updates, notifications, and can access program resources available no where else.
- Also in the National Strategy to Secure Cyberspace, on page 46, is an overview of the National Information Assurance Partnership (NIAP) program. Government Technology Solutions was the first private company to adopt this as a guideline for its integrated solution portfolio – in 1999. Use of NIAP certified tools is urged under NIST Special publication 800-23, and thus reference to products submitted for grant funding that comply with this, and mention to DHS reference guidelines should increase your chances of success in the grant application process.
- You'll find that in Section B.5 of the application kit, DHS references suppliers that hold GSA contracts that have a Cooperative Purchasing Agreement. Government Technology Solutions GSA Schedule 70 contract complies with this guideline. Since this is covered in the grant document on pages 26and 27, mentioning that procurement is to be done through a GSA cooperative purchasing agreement supplier is suggested. Be sure reference page 26 and 27 of the program guide.
- Under the Allowable Equipment categories, Category 5 is specifically for Cyber Security Enhancement equipment. Note that “Training” for Cyber Security tools is now listed (C.4, #1). This has been an issue for State and local Government users in the past. And this is allowed for 10 of the 14 programs.
- Appendix I of the kit/guide covers the Cyber Security Guidance. It discusses guidelines, and reference sources to assist you in the development of an IA policy for your agency. NIST Special publication Number 800-53 would be a good tool to use should your agency not have a complete IA Cyber Security policy. In that document they recommend certain minimum technologies that are required. I believe if you reference this NIST special publication, as called for on Appendix I-1, this would qualify as acceptable – as it is the same requirement that all Federal Agencies must comply with this year. If you already have a published policy, mention of minimum security tools as called for under FIPS 199/NIST Special publication Number 800-53 should meet all DHS requirements.
If you are not familiar with the Federal guidance and reference sources such as NIST Special Publications, The National Strategy to Secure Cyberspace, NIAP, etc. don’t worry – we are! If we can help you in assessing what might enhance your IA infrastructure and also qualify for DHS grant funds, give us a call or e-mail. We can be reached at 1-800-326-5683, e-mail. us at info@gvTechSolutions.com, or review our web page at www.gvTechSolutions.com which has links to NIAP, NIST, and a list of IA technologies that all qualify and might significantly enhance your IA toolset!
Regards,
Government Technology Solutions
A GSA,
Robert J. Deitz, II
CEO & President
