City of North Port - File #: 24-1380

• File #: 24-1380
• Version: 1
• Type: Consent Agenda
• Status: Agenda Ready
• File created: 9/9/2024
• In control: City Commission Regular Meeting
• On agenda: 10/8/2024
• Final action: 10/22/2024
• Title: Approve the Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Assessments Rules of Engagement Agreement and Provide CISA With Express Approval to use the City Seal in Furtherance of the Agreement.

Date	Ver.	Action By	Action	Result
10/22/2024	1	City Commission Regular Meeting
10/22/2024	1	City Commission Regular Meeting	amended	Fail
10/22/2024	1	City Commission Regular Meeting	approved	Pass

TO:                                           Honorable Mayor & Members of the North Port Commission

FROM:                      A. Jerome Fletcher II, ICMA-CM, MPA, City Manager

TITLE:                     Approve the Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Assessments Rules of Engagement Agreement and Provide CISA With Express Approval to use the City Seal in Furtherance of the Agreement.

Recommended Action

Approve the Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Assessments Rules of Engagement Agreement and provide CISA with express approval to use the City Seal in furtherance of the Agreement.

Background Information

The Information Technology Division would like to engage with CISA to conduct a cybersecurity assessment. This assessment will include a vulnerability scan; web application scan; and a remote penetration testing service. The goals of these scans are to: identify vulnerabilities on the City’s publicly accessible networks and systems; identify potential configuration issues with the City’s public facing network; provide an analysis of specific and actional vulnerabilities.

The cybersecurity assessment will begin within one week after submitting the request to CISA. At the end of their assessment, CISA will provide the Information Technology Division with all data, including a tailored risk analysis and recommendations on how to mitigate found vulnerabilities and security risks. CISA’s analysis is based on the framework MITRE ATT&CK®, which is a global community-driven knowledge base, comprised of known tactics, techniques, and procedures (TTPs) of threat actors.

As part of the Agreement, once the test is completed, CISA would like to use the City seal on phishing emails during this assessment. Phishing emails are used to provide continuous social engineering training to City employees. The City has an employee who is a member of this agency as such, there is no cost to the City for this assessment.

The Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Assessments Rules of Engagement Agreement has been reviewed by the City Attorney and is legally correct as to form.

Strategic Plan

Good Governance Pillar.

Financial Impact

Not applicable.

Procurement

Not applicable.

Attachments:

1.                     Exempt from public record pursuant to Florida Statutes Section 119.0725.

Prepared by:                                            Eric Ryan, Information Technology Manager

                                                               Vicki Edwards, Senior Business Administrator.

Department Director:                       Juliana B. Bellia, Assistant City Manager