PSAP On-Ramp Training
Public Safety Answering Points (PSAPs)
The American public relies on the nation's 911 call centers, known as Public Safety Answering Points (PSAPs), to be secure and resilient. CIRI's Cyber Secure Dashboard, which is based on the national standard NIST Cyber Security Framework (CSF), can help PSAPs evaluate their cyber risk. CIRI offers On-Ramp Training that helps PSAPs implement this critical tool.
Benefits of Participation
Participation in this pilot test program will significantly enhance the participating PSAP/ECC’s institutional knowledge, cybersecurity capabilities, and organizational/operational cybersecurity maturity. Upon completion of the training program participating organizations will:
- Have a full understanding of the NIST CSF cyber risk management process and be able to use it to identify, assess, implement, and manage cybersecurity risk;
- Be able to use the NIST CSF to create a new cybersecurity program (or improve on an existing one)
- Have a full understanding of:
- How to use the Cyber Secure Dashboard to manage cybersecurity processes and procedures in conformance to standards
- Cybersecurity policies developed by cybersecurity experts and tailored to the specific needs of the organization;
- Cybersecurity and maturity level requirements of the PSAP CSF Profile;
- Have completed an initial assessment of the organization’s overall cybersecurity posture against the PSAP CSF Profile conducted by qualified cybersecurity professionals from CIRI partners hand-in-glove with relevant staff of the participating PSAP through a learn-by-doing approach;
- Know how to assess compliance with individual cybersecurity controls (NIST 800-53) using NIST assessment standards (NIST 800-53A);
- Have an initial Plan of Actions & Milestones (POA&M) to achieve the PSAP’s target cybersecurity posture and maturity level;
- Know how to use the POA&M module to assign, schedule, and manage cybersecurity activities;
- Know how to publish automated reports of status for internal and external stakeholders;
- Be able to leverage proven and effective IT and cybersecurity controls and standard operating procedures to increase the security of their systems; and
- Be able to successfully apply for federal grants to subsidize cybersecurity training costs.
On-Ramp Training Services
The On-Ramp Training Service Package will be delivered entirely remotely by a private sector cybersecurity specialist firm selected, vetted, and qualified by CIRI. These professionals will work hand-in-glove with PSAP personnel through a guided, hands-on training program that will walk the PSAP staff through the process of understanding, implementing, and maintaining cyber risk management practices in alignment with national standards and best practices. CIRI is the overall manager of the Program and maintains quality assurance to ensure that each engagement delivers a standardized, high-quality package of tools and training services.
The On-Ramp Training Package consists of the following:
- One-year subscription to the Cyber Secure Dashboard cloud application
- Online Professional Training (developed and delivered by University of Illinois):
- Cybersecurity Fundamentals: focuses on a set of core security-related concepts across a range of domains, including: Threats and Vulnerabilities; Governance, Risk Management, and Compliance (GRC); Identity and Access Management; Physical Security; Security Engineering; Security Testing; and Security Operations
- The NIST Risk Management Framework (RMF) and NIST CSF cyber risk management process
- The PSAP CSF Profile and Cybersecurity Best Practices for PSAPs
- The features, functions, and workflow of the Cyber Secure Dashboard
- Guided, “Learn-by-Doing” Training while implementing the PSAP Profile (PSAP personnel are trained and guided by vetted and pre-qualified private sector cybersecurity organizations):
- Cybersecurity policy review and customization (9 policies provided in the Dashboard)
- Initial cybersecurity assessment (PSAP Profile using NIST assessment criteria)
- Creating, assigning, and managing remediation tasks via Dashboard POA&M module
- Uploading compliance artifacts to central repository; linking artifacts to cybersecurity requirements for ease of validation of compliance
- Creating automated reports for internal and external stakeholders
- Full training review and re-assessment (90-days after initial training)
At the conclusion of the training the PSAP will have achieved a reportable, baseline level of compliance with the NIST CSF-based PSAP Profile and its staff will have obtained the knowledge, resources and capabilities needed to continue managing the organization’s cyber risk in accordance with national cybersecurity standards and best practices toward an improved cybersecurity posture and enhanced organizational and operational cybersecurity maturity.