For Rounds One - Three funding, Alabama has defined and grouped its initial projects as such:

Maturity Assessments and Service Selection
(1a) Cybersecurity maturity assessment surveys, participation, and consent forms
(1b) Cybersecurity assessments
(1c) State-wide cybersecurity services model
(1d) Cybersecurity Coordination
(1e) Cybersecurity Training Coordination
(1f) Governance and Risk Management Systems
(1g) Management and Administration

Deploy Foundational Cybersecurity Services
(2a) Email hosting of .gov domains
(2b) Endpoint protection software
(2c) Routine vulnerability scanning services

Offer Cybersecurity Training
(3a) Foundational cybersecurity training

LGE projects will be available and approved on a first-come, first-serve basis. Approved projects will include only one-time cybersecurity services. The following provides a general guide to projects that are in scope per the Cybersecurity Plan.

Resource, Asset, and Data Protection Tracking

  • Identify and manage configuration of hardware and software
  • Manage hardware and software security vulnerabilities
  • Protect and manage sensitive data
  • Prevent and mitigate loss or breach of classified information
  • Media protection sanitization, marking, storage, transport, and use
  • Asset discovery
  • Data backup
  • Data replication
  • System recovery
  • Spam protection
  • Input validation
  • Error handling
  • Flaw remediation
  • Memory protection
  • Vulnerability remediation
  • Incident response and mitigation
  • Incident reporting
  • Sandbox development and testing
  • Malicious code protection
  • Virtual Private Networks (VPN)
  • Virtual system and infrastructure design, implementation, management, and support services
  • Encryption
  • Cryptography, including key establishment and management
  • Data leak protection (DLP)

Authentication and Authorization

  • User and system identity management
  • Credential management
  • User permissions management
  • Configuration management
  • Identity proofing
  • Identity theft protection
  • Multi-Factor Authentication (MFA)
  • Hardware inventory management
  • Software inventory management
  • Identity and Authentication Management (IAM)
  • Privileged Identity Management and Privileged Access Management (PIM/PAM)
  • Password management

Training and Awareness

  • Provide cybersecurity awareness training to prevent phishing and other attacks
  • Cybersecurity program evaluation
  • Governance development, including policy, processes, and procedures
  • System maintenance policy and procedures
  • Cybersecurity risk assessment and management
  • Response planning and communications
  • Cybersecurity improvement
  • Contingency planning and training
  • Incidence response training
  • Cybersecurity training software and services

Endpoint, Network, and Cloud Security

  • Endpoint detection and response (EDR) platforms
  • Endpoint protection platforms (EPP)
  • Identify and monitor incidents through data collection and analysis
  • Continuous scanning for evaluation of vulnerabilities and threats
  • Penetration testing to identify possible exploitable pathways and validate strength of defenses
  • Provide protection of data and services for user devices, network components, applications, and virtual/cloud systems
  • Port and service lockdown
  • Application portioning
  • Security function isolation
  • Network disconnect
  • Transmission confidentiality and integrity
  • Time synchronization
  • Access control, including port security and MAC address filtering
  • Network interface management
  • Network boundary protection
  • Network segmentation and segregation
  • Network monitoring
  • Network mapping
  • Event logging
  • Remote access security
  • Network capability and stress testing
  • Cloud compliance with cybersecurity framework standards (ISO, NIST, etc.)
  • Secure file sharing

Threat Detection and Security Monitoring

  • Provide continuous security monitoring and threat detection
  • Protect against data loss and theft
  • Vulnerability scanning and management
  • Data flow mapping
  • System use monitoring
  • Anomaly and event detection
  • Intrusion detection and prevention

Forensic and Incident Response

  • Baseline establishment
  • Network Architecture Documentation
  • Change control
  • Incident response planning and preparedness
  • Incident response management and recovery
  • Forensic investigative and examination
  • Intrusion Protection/Prevention Systems (IPS)
  • Firewalls, include Web application firewalls (WAF)