Funding Agency Cybersecurity/Data Protection Plans
WVU Guidance for completing Cybersecurity Plans:
- If technology assets are managed by WVU ITS or under WVU ITS policies, use University policies as the basis for the plan. This link provides the current policies, standards and procedures in place for the University to protect against cybersecurity attacks. These policies are in place for most equipment in Shared Research Facilities.
- For assets managed by ITS or according to University policy, reference the policies in the applicable sections of the plan.
- For assets not managed by ITS or according to University policy, include research project level processes that will be used to manage cybersecurity threats for the asset.
- Medium and High Risk plans must be reviewed. Consultations are available to review draft plans.
Department of Energy - OCED
Section 40126 of the Infrastructure Investment and Jobs Act (IIJA), also known as the Bipartisan Infrastructure Law (BIL), authorizes the Secretary of Energy to require that certain projects funded under the law include a cybersecurity plan. This guidance document provides information about the cybersecurity plan that selectees may have to submit to the Office of Clean Energy Demonstrations (OCED) prior to receiving funding.