← Back to catalog

CFDA 97.128  ·  retired  ·  Funded this fiscal year

CISA Cyber Security Awareness Campaign

Cybersecurity and Infrastructure Security Agency  ·  HOMELAND SECURITY, DEPARTMENT OF  ·  Program page ↗

Objective

CISA’s mission is to lead the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. In carrying out this mission, Section 2202 of the Homeland Security Act of 2002 assigns CISA with the responsibilities to coordinate a national effort to secure and protect against critical infrastructure risks, carry out cybersecurity and critical infrastructure stakeholder outreach and engagement, and encourage and build cybersecurity awareness and competency across the United States. Section 102 of the Homeland Security Act of 2002 authorizes CISA to make cooperative agreements in carrying out these responsibilities. In carrying out its mission and pursuant to these authorities, CISA provides financial assistance under the Cybersecurity Awareness Campaign Program to non-federal entities to perform cybersecurity awareness activities to reduce cybersecurity risks through messaging, tools, and resources to encourage individuals and organizations to reduce their exposure to malicious cyber activity. Through strategies implemented year-round with a focal point of Cybersecurity Awareness Month in October, a recipient under a federal award will engage in efforts to improve the public’s understanding of cyber threats, amplify opportunities that individuals and non-federal entities can leverage to strengthen their own cybersecurity posture, and encourage discussion, engagement, and actions that can be taken to reduce cyber risk. CISA has established the following six goals for the Cybersecurity Awareness Campaign Program: (1) strengthen the security and resilience of critical infrastructure; (2) assess and counter evolving cybersecurity risks through actions that promote threat risk reduction; (3) build a national culture of preparedness and ensure equity and accessibility to increase online and digital safety; (4) build stakeholder relationships that encourage and support data-driven actions by state, local, tribal, and territorial governments, for-profit and nonprofit organizations, other non-federal entities, and individuals that reduce cybersecurity risk; (5) reinforce the importance of secure by default and secure by design industry practices that do not place the first line of cyber threat risk reduction on those with the least capabilities and resources; and (6) encourage activities supported by data which result in key behavior change that reduce cyber risk. In support of the six program goals, CISA has established the following six objectives for the Cybersecurity Awareness Campaign Program: (1) educate the public and non-federal entities about the dangers of cyber threats and key actions to mitigate risks; (2) promote sustainable cybersecurity and encourage the technology industry to provide secure-by-default technology products and technology that is secure-by-design; (3) identify effective approaches to increase cybersecurity awareness among the general public and target audiences; (4) build relationships and coalitions across cybersecurity stakeholders to support Cybersecurity Awareness Month; (5) develop a baseline from which to measure the impact Cybersecurity Awareness Month campaign strategies and messaging has on changing behavior and increasing public awareness of cybersecurity risk; and (6) contribute to CISA’s efforts to build a culture of preparedness. The Cybersecurity Awareness Campaign Program aligns with Goal 3: Secure Cyberspace and Critical Infrastructure and Goal 5: Strengthen Preparedness and Resilience under the 2020-2024 Department of Homeland Security Strategic Plan. It also supports Goal 2: Risk Reduction and Resilience and Goal 3: Operational Collaboration under the CISA Strategic Plan 2023-2025.

Who Can Apply

  • Nonprofit with 501C3 IRS Status (Other than Institution of Higher Education)

Nonprofit organizations, other than institutions of higher education, with an effective ruling letter from the U.S. Internal Revenue Service granting tax exemption under Section 501(c)(3) of the Internal Revenue Code of 1986 A recipient under the Cybersecurity Awareness Campaign Program must be a nonprofit organization with an effective ruling letter from the U.S. Internal Revenue Service granting tax exemption under Section 501(c)(3) of the Internal Revenue Code of 1986. A “nonprofit organization” means any organization that: (1) is operated primarily for scientific, educational, service, charitable, or similar purposes in the public interest; (2) is not organized primarily for profit; (3) uses net proceeds to maintain, improve, or expand the organization’s operations; and (4) is not an institution of higher education as defined at 20 U.S.C. § 1001.

Who Benefits

  • Public nonprofit institution/organization

Individuals, businesses, states, local governments, Indian tribes, institutions of higher education, and nonprofit organizations The beneficiaries of a Cybersecurity Awareness Campaign cooperative agreement award are the individuals and non-federal entities that will experience the benefits of the information provided by a recipient through its cybersecurity awareness activities. As these activities are intended to reach all individuals and non-federal entities in the United States, the beneficiaries include individuals, businesses, states, local governments, Indian tribes, institutions of higher education, and nonprofit organizations

Assistance Types

  • Cooperative Agreements

Program Contact

Laura.Edwards@cisa.dhs.gov
202-655-6763