BIG BEAD Cybersecurity Risk Management 1
Overview All BIG BEAD subgrantees, in accordance with the National Telecommunications and Information Administration (NTIA) BEAD Notice of Funding Opportunity (NOFO) and Utah Broadband Center’s (UBC) approved Initial Proposal Vol. 2 must meet the following conditions to receive federal funds through this program.
2
Cybersecurity Plan Subgrantees must have a cybersecurity risk management plan, either operational or ready to be operationalized, depending on whether they are already providing broadband or telecommunications services.
3
Compliance with Standards The plan must align with the latest National Institute of Standards and Technology (NIST) Cybersecurity Framework (Version 1.1) and Executive Order 14028, including security and privacy controls. The latest updates include: Prepare the Organization: Ensure the organization’s people, processes, and technology are prepared to perform secure software development at the organization level and, in some cases, for each individual project. Protect the Software: Protect all components of the software from tampering and unauthorized access. Produce Well-Secured Software: Produce well-secured software that has minimal security vulnerabilities in its releases. Respond to Vulnerabilities: Identify vulnerabilities in software releases and respond appropriately to address those vulnerabilities and prevent similar vulnerabilities from occurring in the future.
4
Reevaluation
5
Submission Requirement
The plan must be periodically reviewed and updated.
The plan must be submitted to UBC before BIG funds are allocated. Any substantive updates require submission of a revised plan to UBC within 30 days of the plan’s revision.