The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.
Last month, the Department of Homeland Security announced the availability of $279.9 million in grant funding for the Fiscal Year (FY) 2024 State and Local Cybersecurity Grant Program (SLCGP). Now in its third year, the four-year, $1 billion program provides funding for State, Local and Territorial (SLT) governments to implement cybersecurity solutions that address the growing threats and risks to their information systems. Applications must be submitted by December 3, 2024.
While there are no significant modifications to the program for FY 2024, the Federal Emergency Management Agency (FEMA), which administers SLCGP in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), identified key changes, some of which we highlight below:
The FY 2024 NOFO adds CISA’s KEV catalog as a new performance measure and recommended resource
The FY 2024 notice of funding opportunity (NOFO) adds the CISA Known Exploited Vulnerabilities (KEV) catalog as a recommended resource to encourage governments to regularly view information related to cybersecurity vulnerabilities confirmed by CISA, prioritizing those exploited in the wild. In addition, CISA has added “Addressing CISA-identified cybersecurity vulnerabilities” to the list of performance measures it will collect through the duration of the program.
At Tenable, our goal is to help organizations identify their cyber exposure gaps as accurately and quickly as possible. To achieve this goal, we have research teams around the globe working to provide precise and prompt coverage for new threats as they are discovered. Tenable monitors and tracks additions to the CISA KEV catalog on a daily basis and prioritizes developing new detections where they do not already exist.
Tenable updates the KEV coverage of its vulnerability management products — Tenable Nessus, Tenable Security Center and Tenable Vulnerability Management — allowing organizations to use KEV catalog data as an additional prioritization metric when figuring out what to fix first. The ready availability of this data in Tenable products can help agencies meet the SLCGP performance measures. This blog offers additional information on Tenable’s coverage of CISA’s KEV catalog.
FY 2024 NOFO adds “Adopting Enhanced Logging” as a new performance measure
The FY 2024 NOFO also adds “Adopting Enhanced Logging” to the list of performance measures CISA will collect throughout the program duration.
Tenable's library of Compliance Audits, including Center for Internet Security (CIS) and Defense Information Systems Agency (DISA), allows organizations to assess systems for compliance, including ensuring Enhanced Logging is enabled. Tenable's vulnerability management tools enable customers to easily schedule compliance scans. Users can choose from a continuously updated library of built-in audits or upload custom audits. By conducting these scans regularly, organizations can ensure their systems are secure and maintain compliance with required frameworks.
FY 2024 NOFO continues to require applicants to address program objectives in their applications
As with previous years, the FY 2024 NOFO sets four program objectives. Applicants must address at least one of the following in their applications:
Tenable is uniquely positioned to help SLTs meet Objective 2 through the Tenable One Exposure Management Platform. In addition to analyzing traditional IT environments, Tenable One analyzes cloud instances, web applications, critical infrastructure environments, identity access and privilege solutions such as Active Directory and more — including highly dynamic assets like mobile devices, virtual machines and containers. Once the complete attack surface is understood, the Tenable One platform applies a proactive risk-based approach to managing exposure, allowing SLT agencies to successfully meet each of the sub-objectives outlined in Objective 2 (see table below).
Sub-objective | How Tenable helps |
2.1.1: Establish and regularly update asset inventory | Tenable One deploys purpose-built sensors across on-premises and cloud environments to update inventories of human and machine assets, including cloud, IT, OT, IoT, mobile, applications, virtual machines, containers and identities |
2.3.2. Effectively manage vulnerabilities by prioritizing mitigation of high-impact vulnerabilities and those most likely to be exploited. | Tenable One provides an accurate picture of both internal and external exposure by detecting and prioritizing a broad range of vulnerabilities, misconfiguration and excessive permissions across the attack surface. Threat intelligence and data science from Tenable Research are then applied to give agencies easy-to-understand risk scores. For example, Tenable One provides advanced prioritization metrics and capabilities, asset exposure scores which combine total asset risk and asset criticality, cyber exposure scoring which calculates overall exposure for the organization, peer benchmarking for comparable organizations, as well as the ability to track SLAs and risk patterns over time. Further, Tenable One provides rich critical technical context in the form of attack path analysis that maps asset, identity and risk relationships which can be exploited by attackers. It also provides business context by giving users an understanding of the potential impact on the things that matter most to an agency, such as business critical apps, services, processes and functions. These contextual views greatly improve the ability of security teams to prioritize and focus action where they can best reduce the potential for material impact. These advanced prioritization capabilities, along with mitigation guidance, ensure high-risk vulnerabilities can be addressed quickly. |
2.4.1 SLT agencies are able to analyze network traffic and activity transiting or traveling to or from information systems, applications, and user accounts to understand baseline activity and identify potential threats. | Tenable provides purpose-built sensors, including a passive sensor, which can determine risk based on network traffic. After being placed on a Switched Port Analyzer (SPAN) port or network tap, the passive sensor will be able to discover new devices on a network as soon as they begin to send traffic, as well as discover vulnerabilities based on, but not limited to:
|
2.5.1 SLT agencies are able to respond to identified events and incidents, document root cause, and share information with partners. | Tenable One can help SLT agencies respond to identified events and incidents and document root cause more quickly. SOC analysts managing events and incidents and vulnerability analysts focused on remediation of vulnerabilities have access to deep technical content in the form of attack paths, with risk and and configuration details to verify viability, as well as business context to understand the potential impact to their agency. This information is valuable not only to validate why IT teams should prioritize mitigation of issues before breach, but to prove that a successful attack has occurred. Further, agencies can deliver dashboards, reports and scorecards to help share important security data in meaningful ways across teams and with partners. Agencies are able to customize these to show the data that matters most and add details specific to their requirements. |
Source: Tenable, October 2024
Tenable offers SLT agencies flexibility in their implementation models to help them best meet the requirements and objectives outlined as part of the SLCGP. Deployment models include:
A “whole-of-state” approach — which enables state-wide collaboration to improve the cybersecurity posture of all stakeholders — allows state governments to share resources to support cybersecurity programs for local government entities, educational institutions and other organizations. Shared resources increase the level of defense for SLTs both individually and as a community and reduce duplication of work and effort. States get real-time visibility into all threats and deploy a standard strategy and toolset to improve cyber hygiene, accelerate incident response and reduce statewide risk. For more information, read Protecting Local Government Agencies with a Whole-of-State Cybersecurity Approach.
FY 2024 NOFO advises SLT agencies to adopt key cybersecurity best practices
As in previous years, the FY 2024 NOFO again recommends SLT agencies adopt key cybersecurity best practices. To do this, they are required to consult the CISA Cross-Sector Cybersecurity Performance Goals (CPGs) throughout their development of plans and projects within the program. This is also a statutory requirement for receiving grant funding.
The CISA CPGs are a prioritized subset of cybersecurity practices aimed at meaningfully reducing risk to critical infrastructure operations and the American people. They provide a common set of IT and operational technology (OT) fundamental cybersecurity best practices to help SLT agencies address some of the most common and impactful cyber risks. Learn more about how Tenable One can help agencies meet the CISA CPGs here.
Jill Shapiro is Vice President of Global Government Affairs at Tenable, where she has advanced Tenable’s policy priorities before Congress and the Administration since 2018. Prior to joining Tenable, Jill advocated for cybersecurity, tax and intellectual property policies at Dell and EMC. Jill also worked at McBee Strategic Consulting (now Signal Group), where she helped clients advance their policy and business priorities in D.C., and spent seven years in the U.S. Senate, including five years on the Senate Appropriations Subcommittee on Commerce, Justice and Science, and two years as a legislative assistant for Senator Barbara Mikulski (D-MD). Jill started her career as an associate at Verner, Liipfert, Bernhard, McPherson and Hand (now DLA Piper). Jill holds a Bachelor of Arts from Duke University and a Juris Doctorate from Georgetown University Law Center.
Joe Decker is a Security Engineer with Tenable and supports state and local government customers coast to coast. Prior to Tenable, Joe was a United States Navy submariner and he grew up on the water. Joe is located in Baltimore, Maryland and he enjoys history, music and spending time with his family.
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose your subscription option:
Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose your subscription option:
Thank you for your interest in Tenable.io. A representative will be in touch soon.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose your subscription option:
Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.
Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.
Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.
Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.
Contact a sales representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.
Thank you for your interest in Tenable Lumin. A representative will be in touch soon.
Please fill out this form with your contact information.
A sales representative will contact you shortly to schedule a demo.
* Field is required
Get the Operational Technology security you need.
Reduce the risk you don’t.
Continuously detect and respond to Active Directory attacks. No agents. No privileges.
On-prem and in the cloud.
Exceptional unified cloud security awaits you!
We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.
Exposure management for the modern attack surface.
Know the exposure of every asset on any platform.
Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.
Thank you for your interest in Tenable Enclave Security. A representative will be in touch soon.
Free for 7 days
Tenable Nessus is the most comprehensive vulnerability scanner on the market today.
Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.
Fill out the form below to continue with a Nessus Pro trial.
Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.
Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.
Free for 7 days.
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.