Please ensure Javascript is enabled for purposes of website accessibility
Portal oficial del Gobierno de Puerto Rico. 
Un sitio web oficial .pr.gov pertenece a una organización oficial del Gobierno de Puerto Rico.
Los sitios web seguros .pr.gov usan HTTPS, lo que significa que usted se conectó de forma segura a un sitio web.
IT's Forward Thinking

State and Local
Cybersecurity Grant Program

SLCGP

The SLCGP will provide over $12.6 million over four years in federal grant funding to help boost the cybersecurity posture and reduce systemic cyber risk to Government of Puerto Rico (GPR) agencies, municipalities, and critical infrastructure sector entities across th e I sland.
The Puerto Rico Cybersecurity Plan was created thanks to the grant from the United States Department of Homeland Security, No. EMW-2022-CY-00035

Why did Puerto Rico develop a holistic, PR wide Cybersecurity Plan?

The Puerto Rico Cybersecurity Plan, a 2 year strategic planning document, is an initial, main requirement for participation in the SLCGP. The Cybersecurity Plan was developed and first approved by the PR Cybersecurity Planning Committee and then submitted to the U.S . Cybersecurity and Infrastructure Security Agency (CISA) for review in Sep. 2023, with CISA approving the Plan within one day of receipt.

What is the Puerto Rico Cybersecurity Planning Committee and what does it do?

The Cybersecurity Planning Committee, chaired by Antonio Ramos Guardiola, Chief Technology Officer for the GPR, is required by
the SLCGP to develop, revise, and implement the Puerto Rico Cybersecurity Plan, as well as identify and prioritize cybersecurity projects for grant funding.

Why is the SLCGP and the PR Cybersecurity Plan important to the
citizens of Puerto Rico?

GPR agencies and municipalities store, process, and transmit a variety of personally identifiable information (PII) and other sensitive data of citizens across Puerto Rico, and the projects prioritized for grant funding will identify, assess, and mitigate cyber risks to sensitive citizen data as well as to the essential government services that the people of Puerto Rico rely upon every day.

Cybersecurity Plan Overview

Vision

Establish a robust, dynamic, and resilient cybersecurity nvironment, safeguarding
both the infrastructure and systems of the Commonwealth of Puerto Rico and the personal data of its citizens, while promoting economic growth and societal progress.

Mission

To proactively design, implement, and maintain cutting edge cybersecurity measures that prioritize the protection of the Commonwealth of Puerto Rico’s infrastructure and its citizens’ data. Through collaboration, continuous learning, and innovation, we aim to foster a secure digital landscape that bolsters economic and social prosperity, fully capitalizing on emerging technologies as an engine for progress.

Goals

#1 Establish Governance

Establish centralized cybersecurity governance, policies & standards, and recommended baselines for cybersecurity and resilience across Puerto Rico.

Objetives

1.1 Continue, enhance, and expand the Cybersecurity Planning Committee to involve and meet the cybersecurity needs of an increasing number of stakeholders.

1.2 Develop and promulgate a cybersecurity framework based on industry leading practices, such as the NIST CSF.

1.3 Develop, test, and enhance cyber incident response and business continuity plans, processes, and procedures.

#2 Assess Risk

Understand cybersecurity posture and continually assess risk to entities across PuertoRico.

Objetives

2.1 Perform continual, comprehensive, and periodic (e.g., annual) cyber risk assessments.

2.2 Maintain complete inventories of IT and operational technology (OT) hardware and software owned or operated by or on behalf of government entities.

2.3 Continually assess government entities’ cybersecurity maturity and identify areas for enhancement.

2.4 Obtain CISA Cyber Hygiene assessments across external government networks and web applications.

2.5 Perform recurring vulnerability scans of internal and external networks, systems, and applications.

#3 Enhance Resilience

Protect citizen data, secure digital public services, and enhance the resilience of critical infrastructure throughout Puerto Rico.

Objetives.

Objetives

3.1 Migrate all remaining and appropriate government domains to the .gov Internet domain.

3.2 Upgrade or replace outdated, end-of-life, and unsupported software.

3.3 Establish effective software patch management processes.

3.4 Implement architectural measures and controls to protect data at rest and in transit from unauthorized access and use.

3.5 Enhance identity and access management, particularly for administrative and other privileged accounts.

  • 3.5.1 Implement strong password policies and controls.
  • 3.5.2 Require Multi-Factor Authentication (MFA) for public services and government accounts.

3.6 Implement and enhance system and network logging and monitoring capabilities.

#4 Develop Cybersecurity Workforce

Cultivate Puerto Rico’s government cybersecurity workforce through education, training, and partnerships.

Objetives

4.1 Adopt and leverage the NICE Framework (i.e., Workforce Framework for Cybersecurity) to build and enhance cyber workforce development, training, and retention programs.

4.2 Continually deliver cybersecurity awareness training to all government personnel, including simulated phishing campaigns targeting specific users.

4.3 Develop and provide specialized, role-and skills-based cybersecurity training for cyber, IT, and OT teams.

4.4 Establish a cybersecurity mentorship program between students and cyber & IT professionals.

#5 Promote Secure Cyberculture

Promote a secure cyberculturethroughout Puerto Rico.

Objetives

5.1 Develop and launch cyber awareness and education initiatives for businesses, educational institutions, and citizens.

5.2 Establish and enhance public-private partnerships aimed at improving cybersecurity across Puerto Rico.

Cybersecurity Planning Committee

To help identify Puerto Rico’s cyber priorities, the GPR established Puerto Rico’s first Cybersecurity Planning Committee (CPC), led by Puerto Rico’s Innovation & Technology Service (PRITS) Chief Technology Officer Antonio J. Ramos Guardiola.The CPC consists of members from the Government of Puerto Rico (GPR), local government organizations (municipalities), higher ed, and public health organizations. Their purpose is to lead efforts to build cybersecurity capabilities across PR’s cyberspace and critical infrastructure sectors.

Antonio J. Ramos Guardiola

Chief Innovation and Information Officer PRITS Executive Director
Cybersecurity Planning Committee Chair

Alexis Torres

State Administrative Agent Homeland Security Advisor
Secretary, PR Department of Public Safety

Poincaré Díaz-Peña

Chief Information Security Officer (CISO)
PRITS

Juan C. Blanco

Executive Director
PR Office of Management and Budget (PROMB)

Hiram Rivera

Chief Information Technology Officer
Department of Health

Juan C. Rivera-Vázquez

Chief Information Technology Officer
Department of Public Safety

Taviana Nevares

Planner – Office of Federal Affairs
PR Department of Public Safety

Raúl Falcón

Director of Technology
Municipality of Bayamón

Pablo Rebollo-Sosa

Chief Security Officer
University of Puerto Rico

Víctor J. León-Soto

Cyber Technology Specialist
PRITS

Francisco Rivera-Muñiz

Chief Information Officer (CIO)
Municipality of Camuy

Ángel Morales-Vázquez

Acting Assistant Secretary for Municipality Affairs
La Fortaleza