TO: Honorable Mayor & Members of the North Port Commission
FROM: A. Jerome Fletcher II, ICMA-CM, MPA, City Manager
TITLE: Approve the Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Assessments Rules of Engagement Agreement and Provide CISA With Express Approval to use the City Seal in Furtherance of the Agreement.
Recommended Action
Approve the Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Assessments Rules of Engagement Agreement and provide CISA with express approval to use the City Seal in furtherance of the Agreement.
Background Information
The Information Technology Division would like to engage with CISA to conduct a cybersecurity assessment. This assessment will include a vulnerability scan; web application scan; and a remote penetration testing service. The goals of these scans are to: identify vulnerabilities on the City's publicly accessible networks and systems; identify potential configuration issues with the City's public facing network; provide an analysis of specific and actional vulnerabilities.
The cybersecurity assessment will begin within one week after submitting the request to CISA. At the end of their assessment, CISA will provide the Information Technology Division with all data, including a tailored risk analysis and recommendations on how to mitigate found vulnerabilities and security risks. CISA's analysis is based on the framework MITRE ATT&CK(r), which is a global community-driven knowledge base, comprised of known tactics, techniques, and procedures (TTPs) of threat actors.
As part of the Agreement, once the test is completed, CISA would like to use the City seal on phishing emails during this assessment. Phishing emails are used to provide continuous social engineering training to City employees. The City has an employee who is a member of this agency as such, there is no cost to the City for this assessment.
The Cybersecurity and Infrastructure Security Agency (CISA) Cybersecu...
Click here for full text