CYBERSECURITY
Puerto Rico Innovation & Technology Service
State and Local Cybersecurity Grant Program (SLCGP)
The Puerto Rico Cybersecurity Plan was created thanks to the grant from the United States Department of Homeland Security, No. EMW-2022-CY-00035
Why did Puerto Rico develop a holistic, PR-wide Cybersecurity Plan?
What is the Puerto Rico Cybersecurity Planning Committee and what does it do?
the SLCGP to develop, revise, and implement the Puerto Rico Cybersecurity Plan, as well as identify and prioritize cybersecurity projects for grant funding.
Why is the SLCGP and the PR Cybersecurity Plan important to the citizens of Puerto Rico?
Cybersecurity Plan Overview
Vision
both the infrastructure and systems of the Commonwealth of Puerto Rico and the personal data of its citizens, while promoting economic growth and societal progress.
Mission
Goals
Establish centralized cybersecurity governance, policies & standards, and recommended baselines for cybersecurity and resilience across Puerto Rico.
Objectives
1.1 Continue, enhance, and expand the Cybersecurity Planning Committee to involve and meet the cybersecurity needs of an increasing number of stakeholders.
1.2 Develop and promulgate a cybersecurity framework based on industry leading practices, such as the NIST CSF.
1.3 Develop, test, and enhance cyber incident response and business continuity plans, processes, and procedures.
Understand cybersecurity posture and continually assess risk to entities across Puerto Rico.
Objectives
2.1 Perform continual, comprehensive, and periodic (e.g., annual) cyber risk assessments.
2.2 Maintain complete inventories of IT and operational technology (OT) hardware and software owned or operated by or on behalf of government entities.
2.3 Continually assess government entities’ cybersecurity maturity and identify areas for enhancement.
2.4 Obtain CISA Cyber Hygiene assessments across external government networks and web applications.
2.5 Perform recurring vulnerability scans of internal and external networks, systems, and applications.
Protect citizen data, secure digital public services, and enhance the resilience of critical infrastructure throughout Puerto Rico.
Objectives
3.1 Migrate all remaining and appropriate government domains to the .gov Internet domain.
3.2 Upgrade or replace outdated, end-of-life, and unsupported software.
3.3 Establish effective software patch management processes.
3.4 Implement architectural measures and controls to protect data at rest and in transit from unauthorized access and use.
3.5 Enhance identity and access management, particularly for administrative and other privileged accounts.
- 3.5.1 Implement strong password policies and controls.
- 3.5.2 Require Multi-Factor Authentication (MFA) for public services and government accounts.
3.6 Implement and enhance system and network logging and monitoring capabilities.
Cultivate Puerto Rico’s government cybersecurity workforce through education, training, and partnerships.
Objectives
4.1 Adopt and leverage the NICE Framework (i.e., Workforce Framework for Cybersecurity) to build and enhance cyber workforce development, training, and retention programs.
4.2 Continually deliver cybersecurity awareness training to all government personnel, including simulated phishing campaigns targeting specific users.
4.3 Develop and provide specialized, role- and skills-based cybersecurity training for cyber, IT, and OT teams.
4.4 Establish a cybersecurity mentorship program between students and cyber & IT professionals.
Promote a secure cyber culture throughout Puerto Rico.
Objectives
5.1 Develop and launch cyber awareness and education initiatives for businesses, educational institutions, and citizens.
5.2 Establish and enhance public-private partnerships aimed at improving cybersecurity across Puerto Rico.