-
Grant Funding Q & A Webinar
June 2019
-
Grant Funding
• Each board of elections will incur costs to implement the new Security Directive
• The Secretary of State is providing a one-time grant funding of $50,000 to assist county BOEs with the implementation
• Signed security agreement must be returned to [email protected] by July 19, 2019 before SOS Finance disburses checks
-
Grant Fund Use
• Funds must first be used to implement the requirements of the security directive.
• Remaining funds may be used for activities to improve the administration of elections for federal office to include:
  o Enhancing election technology
    ▪ Upgrading election related computer systems to address cyber vulnerabilities identified by DHS
  o Cybersecurity training for chief election official’s office and local election officials
  o Implementing cybersecurity best practices for election systems
  o Other activities that improve the security of elections
-
Grant Funding Terms
• Each county will be required to enter into a grant agreement with the Secretary of State’s Office
  o Grant funds must be deposited into a separate, interest-bearing account
  o Each county must report monthly to the Secretary of State’s Office providing the following:
    ▪ Using the template #1 provided, a list of items purchased, funds spent, interest, and funds remaining
    ▪ Using the template #2 provided, a progress update of the Security Directive/Technical Document implementation
-
Template #1
-
Template #1 (cont.)
-
Template #2
BOE Progress
[Choose Board of Elections from Dropdown List]
| Item No. | Due Date | Directive Requirement | Solution being Implemented | Status (Select from Drop-Down List) | Expected Completion Time Frame | Who is Performing Implementation (Select from Drop-Down List) | If Vendor, Name of Vendor | Vendor Contact Information (Name of Contact, Phone number, & Address) | Comments |
| 1 | July 19, 2019 | DHS Services: | | | | | | | |
| | | Physical Security Assessment | | | | | | | |
| | | Risk and Vulnerability Assessment | | | | | | | |
| | | Remote Penetration Testing | | | | | | | |
| | | Validated Architectural Design Review | | | | | | | |
| | | Cyber Threat Hunt | | | | | | | |
| | | Cyber Hygiene Scans | | | | | | | |
| | | Phishing Campaign Assessment | | | | | | | |
| 2 | January 13, 2020 | Under Workstation and Server Hardening / Patching: Workstations upgraded to Windows 10 enterprise edition | | | | | | | |
| | | Under Workstation and Server Hardening / Patching: Upgrade Servers Running Windows Server 2008 R2 or older to Windows Server 2016 | | | | | | | |
| 3 | January 31, 2020 | Board of Election Electronic Mail | | | | | | | |
| 4 | January 31, 2020 | Websites to ".gov" or ".us" addresses | | | | | | | |
| 5 | January 31, 2020 | Network Protection | | | | | | | |
| 6 | January 31, 2020 | Network Scanning | | | | | | | |
| 7 | January 31, 2020 | Network Segmentation | | | | | | | |
| 8 | January 31, 2020 | Device Whitelisting | | | | | | | |
| 9 | January 31, 2020 | Access Control | | | | | | | |
| 10 | January 31, 2020 | Strong Passwords and MFA | | | | | | | |
| 11 | January 31, 2020 | Wireless Device Security | | | | | | | |
| 12 | January 31, 2020 | Vulnerability Scanning | | | | | | | |
| 13 | January 31, 2020 | Network Intrusion Detection | | | | | | | |
| 14 | January 31, 2020 | Asset Management | | | | | | | |
| 15 | January 31, 2020 | Application Whitelisting | | | | | | | |
| 16 | January 31, 2020 | Data Encryption | | | | | | | |
| 17 | January 31, 2020 | Secure Channels for Remote Access | | | | | | | |
| 18 | January 31, 2020 | Security Information and Event Management (SIEM) | | | | | | | |
| 19 | January 31, 2020 | Secure Storage of Baseline Configurations | | | | | | | |
| 20 | January 31, 2020 | Criminal Background Checks | | | | | | | |
| 21 | January 31, 2020 | USB Hygiene | | | | | | | |
| 22 | January 31, 2020 | Security Awareness Training | | | | | | | |
| 23 | January 31, 2020 | Malware Management | | | | | | | |
| 24 | January 31, 2020 | Workstation and Server Hardening / Patching | | | | | | | |
| 25 | January 31, 2020 | Physical Security for Election IT Equipment | | | | | | | |
| 26 | January 31, 2020 | Requirements for Elections Infrastructure Vendors | | | | | | | |
| 27 | January 31, 2020 | Backups of VR Information | | | | | | | Please provide information detailing how Voter Registration data is backed up and state if the back up is stored on site or at an offsite location. |
Security Directive Implementation Progress Report
Example Information
Franklin County Board of Elections
| Item No. | Due Date | Directive Requirement | Solution being Implemented | Status (Select from Drop-Down List) | Expected Completion Time Frame | Who is Performing Implementation (Select from Drop-Down List) | If Vendor, Name of Vendor | Vendor Contact Information (Name of Contact, Phone number, & Address) | Comments |
| 1 | July 19, 2019 | DHS Services: | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
| | | Physical Security Assessment | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
| | | Risk and Vulnerability Assessment | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
| | | Remote Penetration Testing | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
| | | Validated Architectural Design Review | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
| | | Cyber Threat Hunt | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
| | | Cyber Hygiene Scans | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
| | | Phishing Campaign Assessment | Signed up for this service with DHS | Complete | July 19, 2019 | | | | |
| 2 | January 13, 2020 | Under Workstation and Server Hardening / Patching: Workstations upgraded to Windows 10 enterprise edition | Upgrading existing Win 10 Pro workstations to Win 10 enterprise. Will replace 3 Windows 7 workstations that are too old to upgrade to Windows 10 enterprise. | In Process | End September | Vendor | Computers Inc. | Michael Computer: 513-444-4444, 65 Vine St. Cincinnati OH 45221 | |
| | | Under Workstation and Server Hardening / Patching: Upgrade Servers Running Windows Server 2008 R2 or older to Windows Server 2016 | Servers are running Windows 2012 R2 | Complete | N/A | N/A | N/A | | |
| 3 | January 31, 2020 | Board of Election Electronic Mail | County BOE email is being migrated to a ".gov" domain. | In Process | End October 2019 | County IT | N/A | | |
| 4 | January 31, 2020 | Websites to ".gov" or ".us" addresses | BOE website is being migrated to ".gov" domain | Not Started | TBD | Vendor | Websites LLC | Lisa Website: 614 333-3333, 15 Broad St. Columbus OH 43215 | |
| 5 | January 31, 2020 | Network Protection | Installing Sophos XG125W | In Process | End August 2019 | Vendor | ABC Network Company | Dave Network: 614-555-5555, 65 East 1st St. Columbus OH 43215 | |
| 6 | January 31, 2020 | Network Scanning | SIEM Sensor (NUC) and SIEM Software AlienVault Anywhere. Scan network weekly and review scan | Not Started | TBD | Secretary of State's Office | N/A | | |
| 7 | January 31, 2020 | Network Segmentation | Installing and configuring Sophos XG125W and HP Aruba POE Managed Switch | In Process | End August 2019 | Vendor | ABC Network Company | Dave Network: 614-555-5555, 65 East 1st St. Columbus OH 43215 | |
| 8 | January 31, 2020 | Device Whitelisting | Installing an HP Aruba POE Managed Switch - 24 port | In Process | End August 2019 | | ABC Network Company | Dave Network: 614-555-5555, 65 East 1st St. Columbus OH 43215 | |
| 9 | January 31, 2020 | Access Control | Implementing a domain controller, group policies, and remote access via VPN with MFA | In Process | Beginning Sept 2019 | Vendor | ABC Network Company | Dave Network: 614-555-5555, 65 East 1st St. Columbus OH 43215 | |
| 10 | January 31, 2020 | Strong Passwords and MFA | All BOE email and official social media accounts are changing to 15 characters or more passphrases using upper and lower case letters as well as numbers. MFA is being implemented for remote access and admin accounts, accounts accessing or modifying voter registration data and election systems, and board of elections email using Google Authenticator | In Process | Beginning Sept 2019 | Vendor | ABC Network Company | | |
| 11 | January 31, 2020 | Wireless Device Security | Wireless network uses WPA2 with AES encryption and the network name does not identify what it is used for (i.e. it is not "PollPad"). Passwords are changed every 90 days and are 15 characters using upper and lower case letters, numbers and special characters. | Complete | N/A | N/A | | | |
| 12 | January 31, 2020 | Vulnerability Scanning | Regularly run a SCAP-compliant vulnerability scanner with AlienVault Anywhere and ensure reviewed | Not Started | TBD | Secretary of State's Office | N/A | | |
| 13 | January 31, 2020 | Network Intrusion Detection | Install MS-ISAC Albert sensor | Not Started | TBD | Secretary of State's Office | N/A | | |
| 14 | January 31, 2020 | Asset Management | Maintain detailed maintenance record of all system components | In Process | Beginning Sept 2019 | | | | |
| 15 | January 31, 2020 | Application Whitelisting | Configuring in Sophos firewall | In Process | End August 2019 | Vendor | ABC Network Company | Dave Network: 614-555-5555, 65 East 1st St. Columbus OH 43215 | |
| 16 | January 31, 2020 | Data Encryption | All Personally identifiable information (PII) such as SSN and drivers license numbers are encrypted at all times and all data transfer is done via a secure FTP. | | | | | | |
| 17 | January 31, 2020 | Secure Channels for Remote Access | Secure protocols for all remote connections to the system (TLS, IPSEC) will be implemented | In Process | End August 2019 | Vendor | ABC Network Company | Dave Network: 614-555-5555, 65 East 1st St. Columbus OH 43215 | |
| 18 | January 31, 2020 | Security Information and Event Management (SIEM) | SIEM Sensor (NUC) and SIEM Software AlienVault Anywhere - Monitoring | Not Started | TBD | Secretary of State's Office | N/A | | |
| 19 | January 31, 2020 | Secure Storage of Baseline Configurations | Will store secure baseline configurations on approved USB device and securely deploy baseline configurations | | | | | | |
| 20 | January 31, 2020 | Criminal Background Checks | | In Process | End October | Local Police Department | N/A | | |
| 21 | January 31, 2020 | USB Hygiene | Will utilize approved USB devices from Secretary of State Office | Not Started | TBD | | | | |
| 22 | January 31, 2020 | Security Awareness Training | Will request and take KnowBe4 Training through Secretary of State's Office | Not Started | End October | Secretary of State's Office | | | |
| 23 | January 31, 2020 | Malware Management | Installing Sophos EndPoint protection SW on workstations and server | In Process | Early September | Vendor | Computers Inc. | Michael Computer: 513-444-4444, 65 Vine St. Cincinnati OH 45221 | |
| 24 | January 31, 2020 | Workstation and Server Hardening / Patching: | All workstations and servers have been hardened per CIS standards. Workstations are running Windows 10 enterprise edition and updated automatically. Servers are running Windows Server 2016 and are patched monthly. | In Process | Early October | Vendor | Computers Inc. | Michael Computer: 513-444-4444, 65 Vine St. Cincinnati OH 45221 | |
| 25 | January 31, 2020 | Physical Security for Election IT Equipment | The voter registration server will not be a workstation going forward. A separate workstation will be purchased. The voter registration server, network equipment, and any other related election equipment, other than individual workstations will be moved to a physically secure/locked room and will not be used for email or internet. | In Process | End September | County IT and Vendor | Computers Inc. | Michael Computer: 513-444-4444, 65 Vine St. Cincinnati OH 45221 | |
| 26 | January 31, 2020 | Requirements for Elections Infrastructure Vendors | We will work with the voter registration vendor and any vendors with remote access to ensure they are compliant | Not Started | End September | Vendor | VR Vendor: Computers Inc. | Michael Computer: 513-444-4444, 65 Vine St. Cincinnati OH 45221 | |
| 27 | January 31, 2020 | Backups of VR Information | Automatically backed up nightly by VR vendor and stored off site | Complete | N/A | Vendor | | | Please provide information detailing how Voter Registration data is backed up and state if the back up is stored on site or at an offsite location. |
Source Lists
Status: Not Started, In Progress, Complete
Who is Performing Implementation: Board IT, County IT, Vendor, Secretary of State's Office
Board of Elections:
[Choose Board of Elections from Dropdown List]
Adams County Board of Elections
Allen County Board of Elections
Ashland County Board of Elections
Ashtabula County Board of Elections
Athens County Board of Elections
Auglaize County Board of Elections
Belmont County Board of Elections
Brown County Board of Elections
Butler County Board of Elections
Carroll County Board of Elections
Champaign County Board of Elections
Clark County Board of Elections
Clermont County Board of Elections
Clinton County Board of Elections
Columbiana County Board of Elections
Coshocton County Board of Elections
Crawford County Board of Elections
Cuyahoga County Board of Elections
Darke County Board of Elections
Defiance County Board of Elections
Delaware County Board of Elections
Erie County Board of Elections
Fairfield County Board of Elections
Fayette County Board of Elections
Franklin County Board of Elections
Fulton County Board of Elections
Gallia County Board of Elections
Geauga County Board of Elections
Greene County Board of Elections
Guernsey County Board of Elections
Hamilton County Board of Elections
Hancock County Board of Elections
Hardin County Board of Elections
Harrison County Board of Elections
Henry County Board of Elections
Highland County Board of Elections
Hocking County Board of Elections
Holmes County Board of Elections
Huron County Board of Elections
Jackson County Board of Elections
Jefferson County Board of Elections
Knox County Board of Elections
Lake County Board of Elections
Lawrence County Board of Elections
Licking County Board of Elections
Logan County Board of Elections
Lorain County Board of Elections
Lucas County Board of Elections
Madison County Board of Elections
Mahoning County Board of Elections
Marion County Board of Elections
Medina County Board of Elections
Meigs County Board of Elections
Mercer County Board of Elections
Miami County Board of Elections
Monroe County Board of Elections
Montgomery County Board of Elections
Morgan County Board of Elections
Morrow County Board of Elections
Muskingum County Board of Elections
Noble County Board of Elections
Ottawa County Board of Elections
Paulding County Board of Elections
Perry County Board of Elections
Pickaway County Board of Elections
Pike County Board of Elections
Portage County Board of Elections
Preble County Board of Elections
Putnam County Board of Elections
Richland County Board of Elections
Ross County Board of Elections
Sandusky County Board of Elections
Scioto County Board of Elections
Seneca County Board of Elections
Shelby County Board of Elections
Stark County Board of Elections
Summit County Board of Elections
Trumbull County Board of Elections
Tuscarawas County Board of Elections
Union County Board of Elections
Van Wert County Board of Elections
Vinton County Board of Elections
Warren County Board of Elections
Washington County Board of Elections
Wayne County Board of Elections
Williams County Board of Elections
Wood County Board of Elections
Wyandot County Board of Elections
-
Grant Funding Terms (cont.)
• Funds must be spent appropriately and ensure best price is received for any item or service
  o Each County must obtain three quotes from vendors offering the required item or service
  o Miscellaneous items such as door locks, nuts & bolts, light switches… do not need three quotes if under $500
  o Using the quote template provided, quotes must be submitted with a final invoice to the Secretary of State’s Office
  o If less than three vendors offer a required item or service, BOE must certify that fact to the Secretary of State’s Office
-
Quote Template
-
Quote Template (cont.)
-
Grant Funding Terms (cont.)
• Signed security agreement and all templates need to be returned to [email protected]
• BOEs are encouraged to utilize state term schedules to identify a vendor offering competitive prices for a required item or service. The schedule is available at: https://procure.ohio.gov/proc/contractssts.asp
-
State of Ohio Procurement
-
State of Ohio Procurement (cont.)
-
Quote Example
• To meet one of the requirements in the directive, the county board of elections decides to purchase a laptop
  o The cost of one laptop is over $500
  o 3 quotes must be obtained
  o Using the state procurement website, obtain the 3 quotes from vendors that are on state term schedule https://procure.ohio.gov/proc/contractssts.asp
-
Quote Example (cont.)
-
Quote Example (cont.)
-
Quote Example (cont.)
-
Quote Example (cont.)
-
Quote Example (cont.)
DIRECTIVE 2019-08
PURCHASING QUOTES
County: (Choose from dropdown list) ADAMS
Vendor: Brown Enterprise Solutions, Inc
Directive Section: CIS
Contact: gbrown@besolutions, LLC
Briefly describe (1) the Product/Service to be purchased, and (2) the Project related to the purchase (attach pages if necessary):
A laptop with a newer operating system is required to meet the CIS guidelines. Our current laptop is not running
a current version of an operating system to comply with the new requirements.
Product/Service Details
Line Quantity Part # Description Unit Price Total
1 1 Intel Core i5-8350u 15" Notebook $ 919.00 919.00
2 -
3 -
4 -
5 -
6 -
7 -
8 -
9 -
10 -
Subtotal 919.00
Shipping $ -
Total 919.00
-
Quote Example (cont.)
• The final invoice packet must be sent to [email protected]
• The final invoice packet must include a copy of:
  o A valid invoice
  o Completed quote sheet
  o Copies of all quotes obtained
• The final invoice packet must include all required backup in one PDF file and name the file with “county – vendor”
  o Example: Adams – Dell.pdf
-
Grant Funding FAQs
• FAQs
  o What is the CFDA Number?
    • 90.404
  o What is the issuing federal agency?
    • U.S. Election Assistance Commission
  o When do we expect to receive the funds?
    • Approximately 1 business week from receipt of the signed Elections Security Grant Agreement, the check will be sent by certified mail to county BOE which must be forwarded to your County Auditor for deposit
-
Security Directive Program Contacts
• Diane Grosso – Project Manager
  o [email protected]
  o Phone: 614-995-1884
• Legal Intake System
  o Phone: (614) 728-8789
• HAVAGrant email
  o [email protected]
-
Questions