BEAD Grant Cybersecurity Requirements
The Broadband Equity, Access and Deployment Act (BEAD), a broadband grants program directed towards states and territories, imposes cybersecurity requirements upon subgrantees. There are four key baseline requirements that states (also known as Eligible Entities) must require applicants (or subgrantees) to abide by:
- The prospective subgrantee has a cybersecurity risk management plan (the plan) in place that is either:
- operational, if the prospective subgrantee is providing service prior to the award of the grant; or
- ready to be operationalized upon providing service, if the prospective subgrantee is not yet providing service prior to the grant award;
- The plan reflects the latest version of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (currently Version 1.1) and the standards and controls set forth in Executive Order 14028 and specifies the security and privacy controls being implemented;
- The plan will be reevaluated and updated on a periodic basis and as events warrant; and
- The plan will be submitted to the Eligible Entity prior to the allocation of funds. If the subgrantee makes any substantive changes to the plan, a new version will be submitted to the Eligible Entity within 30 days. The Eligible Entity must provide a subgrantee’s plan to NTIA upon NTIA’s request.
NTIA Notice of Funding Opportunity, Section IV (C)(2)(d)(vi), PDF page 70
There are also four requirements in regard to supply chain risk management. Eligible Entities need to require a prospective subgrantee to attest that:
- The prospective subgrantee has a SCRM plan in place that is either:
- operational, if the prospective subgrantee is already providing service at the time of the grant; or
- ready to be operationalized, if the prospective subgrantee is not yet providing service at the time of grant award;
- The plan is based upon the key practices discussed in the NIST publication NISTIR 8276, Key Practices in Cyber Supply Chain Risk Management: Observations from Industry and related SCRM guidance from NIST, including NIST 800-161, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations and specifies the supply chain risk management controls being implemented;
- The plan will be reevaluated and updated on a periodic basis and as events warrant; and
- The plan will be submitted to the Eligible Entity prior to the allocation of funds. If the subgrantee makes any substantive changes to the plan, a new version will be submitted to the Eligible Entity within 30 days. The Eligible Entity must provide a subgrantee’s plan to NTIA upon NTIA’s request.
NTIA Notice of Funding Opportunity, Section IV (C)(2)(d)(vi), PDF page 71
Need help winning broadband grants?
See what we can do for you.
Related Broadband Grant Terms
Broadband Grant Terms
A
B
BABA Whitelist Compliant EquipmentBackhaulBandwidthBank LoanBEAD Grant Cybersecurity RequirementsBEAD ProgramBEAD TimelinesBIPBitBroadbandBroadband AuditBroadband DATA ActBroadband DATA MapsBroadband Feasibility StudyBroadband Service ProviderBroadband Serviceable LocationsBTOPBulk Fabric ChallengeBuried Fiber DeploymentByte
C
CableCAFCAICapexCapital Projects ProgramCapital StackCBGCensus BlockChallenge ProcessChurnCMC Pilot ProgramCo-opCoaxCommon StockCommunications Act of 1934Community Development Financial InstitutionCommunity Reinvestment ActConduit FinancingConnectivity ProfileConsolidated Appropriations Act of 2021Content ProviderCPE
D
E
F
G
I
L
M
N
P
R
S
T
U
Y
Enroll for free today
It's free. Find out if you qualify for Broadband.money assistance.
1717 K Street, Suite 900
Washington DC 20006
Built with 🤍 by Ready.net
© 2024 Broadband.money