State and Local Cybersecurity Grant Program (SLGCP) – Through the Infrastructure Investment and Jobs Act (IIJA) of 2021, Congress established the State and Local Cybersecurity Improvement Act, which established the State and Local Cybersecurity Grant Program, appropriating $1 billion to be awarded over four years. The goal of SLCGP is to assist state, local, and territorial governments with managing and reducing systemic cyber risk: State and Local Cybersecurity Grant Program | CISA
Cybersecurity Performance Goals (CPGs) – CPGs are a prioritized subset of IT and OT cybersecurity practices aimed at meaningfully reducing risk. If you have limited people and funds, the CPGs will show you where to start to invest to make the greatest impact at: Cross-Sector Cybersecurity Performance Goals | CISA
Multi-Factor Authentication (MFA) – Implementing MFA especially phishing-resistant MFA is the single greatest action you can take to reduce both IT and OT cyber vulnerabilities. Check-out: CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication | CISA
Known Exploited Vulnerabilities (KEVs) – This is the authoritative source of cyber vulnerabilities that have been exploited by adversaries. IT/OT staff should review this list to see if any of your vendor’s hardware or software is on it and then take action: Reducing the Significant Risk of Known Exploited Vulnerabilities (cisa.gov)
In addition to the above, the “15 Cybersecurity Fundamentals for Water and Wastewater Utilities” provides best practices to reduce cyber vulnerabilities at: 15 Cybersecurity Fundamentals for Water and Wastewater Utilities | WaterISAC