Notice of Funding Opportunity: Cybersecurity Awareness Campaign (US)

Deadline: 3-Aug-23

The Office of Procurement Operations is pleased to announce the Cybersecurity Awareness Campaign to provide awareness to the Nation concerning cybersecurity risks and provide messaging, tools and resources that encourage the American public, business and industry to reduce their exposure to online risks and malicious actors.

Through strategies both implemented during Cybersecurity Awareness Month in October, and encouraged throughout the year, the campaign seeks to improve the public’s understanding of cyber threats as well as amplify opportunities Americans can leverage to strengthen their own cybersecurity posture and encourage year-round discussion, engagement, and actions they must all take every day to reduce cyber risk.

Goals

• This cooperative agreement supports the CISA Cybersecurity Awareness Campaign of which Cybersecurity Awareness Month held annually during October, is a focal point of the messaging and activities to accomplish the following Goals and encourage year-round actions to reduce such risks:
  • Goal 1: Strengthen the security and resilience of critical infrastructure.
  • Goal 2: Assess and counter evolving cybersecurity risks through actions that promote threat risk reduction.
  • Goal 3: Build a national culture of preparedness for all Americans, ensuring equity and accessibility in the efforts to increase online and digital safety.
  • Goal 4: Build stakeholder relationships that encourage and support data-driven actions by governments, the private sector, tribes, non-profits, and the public that reduce cybersecurity risk.
  • Goal 5: Reinforce the importance of secure by default and secure by design industry practices that do not place the first line of cyber threat risk reduction on those with the least capabilities and resources.
  • Goal 6: Encourage activities supported by data which result in key behavior change that reduce cyber risk.
• October 2023, marks the 20th Cybersecurity Awareness Month and the campaign will execute a research and data-driven strategy that supports implementation of specific programs, activities, and outreach efforts that encourage year-round changes in behaviors that reduce cyber risk, and that are supported through messaging, materials and products throughout both Cybersecurity Awareness Month and throughout the year.

Objectives

• The following objectives will support the goals of the Cybersecurity Awareness Campaign:
  • Objective 1: Educate the public, small businesses, and industry about the dangers of cyber threats and key actions that can be taken to mitigate risks.
  • Objective 2: Promote sustainable cybersecurity and encourage the technology industry to provide secure-by-default technology products with strong security features right out of the box, without added costs; and technology that is secure by-design, purposefully developed, built, and tested to significantly reduce the number of exploitable flaws before they are introduced into the market for broad use.
  • Objective 3: Identify effective approaches to increase cybersecurity awareness among the general public and target audiences, including vulnerable populations and those with disabilities that may make it challenging to take actions that reduce risk.
  • Objective 4: Build relationships and coalitions across cybersecurity stakeholders to support Cybersecurity Awareness Month.
  • Objective 5: Develop a baseline from which they can begin to measure the impact Cybersecurity Awareness Month campaign strategies and messaging has on changing behavior, increasing public awareness of cybersecurity risk.
  • Objective 6: Contribute to the agency’s efforts to build a culture of preparedness, by informing and empowering communities and individuals to obtain the skills and take the preparatory actions necessary to become more resilient against threats and hazards Americans face.

Funding Information

• Available Funding for the NOFO: $549,996.00
• Projected Number of Awards: One (1)
• Period of Performance: 29 Months (An extension to the period of performance is allowable)
• Projected Period of Performance Start Date(s): 9/30/2023
• Projected Period of Performance End Date(s): 2/28/2026

Tasks  

• Strategy Development  
  • Assess current and future cybersecurity awareness needs for the general public, as well as for targeted segments based on susceptibility to cyber threats and receptivity to adopting cybersecurity practices.
  • Perform market research to determine target audiences’ interests, needs and barriers to adopting cybersecurity best practices to inform design and execution of Cybersecurity Awareness Campaign (the Campaign), culminating in Cybersecurity Awareness Month in October, to address cybersecurity risk most effectively. Further promote an annual Cybersecurity Awareness Campaign, that includes development of a coordinated strategy to engage partners and raise the visibility of CISA’s Cybersecurity Awareness Month (October), to include tailored activities for specific audiences.
  • Measure, analyze and report on the effectiveness of awareness efforts and associated outcomes, to include:
    • Developing a methodology for measuring the Campaign’s Cybersecurity Awareness Month outreach and outcomes.
    • Establishing baselines for awareness and actions associated with the Campaign’s Cybersecurity Awareness Month
  • Conduct research to measure behavior changes due to the Cybersecurity Awareness Month exposure/saturation to determine program effectiveness and measurement of project, group and/or individual activities that encourage cybersecurity risk reduction actions by the targeted audiences so they might be used throughout the year. Such research may include:
    • Identification of changes influenced by campaign promotion and specific events, or tactics executed
    • Analysis of broad shifts in public attitudes or policies, measured through independent studies, government surveys, or polls o Analysis and identification of activities that encourage cyber risk reduction by targeted audiences o
  • Viable applicants must ensure they address capabilities and approach to driving behavior change among wide-ranging audiences. Capturing the number of hits on websites and relevant social media platforms
• Cybersecurity Awareness Month Materials Production
  • In coordination with CISA, create aligned, visually engaging, action oriented and outcome driven cybersecurity awareness collateral that can be leveraged by diverse stakeholder groups and serve as a repository for cybersecurity awareness-related activities and collateral that can be launched for cybersecurity awareness month and used throughout the year.
  • Develop and execute creative website content and additional communication mediums for dissemination and promotion of cybersecurity messaging.
  • Develop and execute digital content and additional communication mediums for dissemination and promotion of cybersecurity messaging, ensuring complete alignment within and produce visually engaging, action oriented and outcome driven cybersecurity awareness collateral applicable for launch during cybersecurity awareness month and can be utilized year-round.
• Stakeholder Engagement and Outreach
  • Development of an all-encompassing engagement strategy to include stakeholder and partnership mapping, engagement campaign planning and execution of activities undertaken during the Campaign’s Cybersecurity Awareness Month seeking to increase awareness and utilization of CISA’s products and services, through CISA’s integration of public and private sector considerations, requirements, and objectives in mission planning.
  • Establish formal and informal partnerships with key cybersecurity stakeholder groups to reach target audiences and communities, which includes facilitating both new and improved partnerships, to execute a comprehensive Cybersecurity Awareness Campaign reaching across a wide range of audiences and communications channels during Cybersecurity Awareness Month.
  • Develop a coordinated messaging effort with public and private sector partners.
  • Establish and maintain a professional partnership and engagement tracking mechanism, which is accessible and developed in coordination with CISA’s Cybersecurity Awareness Campaign team.
  • The recipient must address how it will coordinate and collaborate with stakeholder groups in creative ways (e.g., current, and potential campaign partners), which span the public, tribal, non-profit, and public and private sectors. This includes how the recipient will coordinate with existing cybersecurity awareness work being conducted by CISA and other federal agencies.
• Cross-promotion of Cybersecurity Resources
  • Utilize, incorporate, and promote DHS/CISA cybersecurity programs/resources wherever applicable and relevant.
  • Align awareness/outreach efforts to the CISA Strategic Plan, CISA/SED Stakeholder Engagement Plan, CISA’s new Public Awareness Program, and CISA messaging, for long-term success, and create new and innovative ideas, content, and strategies for the Campaign’s Cybersecurity Awareness Month that can be utilized throughout the year.
• Execute Cybersecurity Awareness Month Activities
  • Secure and conduct media engagement to promote Cybersecurity Awareness Campaign, and associated, available resources, to increase cybersecurity actions amongst the general public and target segments.
  • The recipient will be required to organize, execute, and reach audiences with inperson events across the country, web-based outreach and use multiple media channels (from traditional media to social media).
  • Create, produce, and disseminate the Campaign’s Cybersecurity Awareness Month materials to include partner toolkits, web content, public service announcements, social media content, graphics and print materials supporting identified themes.
  • Plan and produce targeted events to promote the month in geographically diverse locations with a variety of themes and audience targets, including a “Cybersecurity Awareness Month kick-off” event.
• Program Management
  • Provide CISA with timely reports that accurately reflect the recipient’s progress toward agreed-upon awareness program goals as determined by CISA and the recipient throughout the period of performance.
  • Determine contingency plans for unexpected program changes.
  • In coordination with CISA, develop an after-action report that identifies successes, highlights key metrics of the campaign, lessons-learned and best-practices, and areas to build on for future years, draft to be delivered by November 30, following Cybersecurity Awareness Month.
  • In coordination with CISA, provide the number, a list for, and all points of contact for all stakeholders by partner type, who participate in the Campaign’s Cybersecurity Awareness Month.
  • In coordination with CISA provide a list and examples of all material, posts, key messages, and other external facing materials in support of cybersecurity awareness month.

Eligibility Criteria

• Nonprofit organizations, other than institutions of higher education, with an effective ruling letter from the U.S. Internal Revenue Service granting tax exemption under Section 501(c)(3) of the Internal Revenue Code of 1986.
• Applicants whose mission is dedicated to promoting cybersecurity-related awareness and safe behavior online, and any proposed sub recipient, must provide documentation of non-profit status and tax exemption under Section 501(c)(3). Any of the following constitutes acceptable proof of non-profit status:
  • A reference to the applicant organization’s listing in the Internal Revenue Service’s (IRS).
  • A copy of a currently valid IRS tax exemption certificate.
• In addition, DHS will not consider multiple applications from a single organization serving as the lead. If more than one application is submitted by a single organization as the lead, the later in time will be considered, unless the later application clearly indicates a unique role for that organization, other than as lead for this activity.

For more information, visit Grants.gov.