.png){kind=logo}
How Colorado Is Protecting Its BEAD Investment
Project Information
THE CHALLENGE
The NTIA BEAD Notice of Funding Opportunity (NOFO) requires all prospective subgrantees to attest that they maintain an operational cybersecurity risk management plan and a supply chain risk management (SCRM) plan before receiving any grant funds. For most broadband operators — especially small and rural internet service providers, municipalities, utilities, and tribal governments — this is a technically demanding requirement with a compressed timeline and limited internal resources to meet it.
Without centrally procured technical assistance, most subgrantees would face this requirement alone, at their own cost and without the cybersecurity expertise to navigate it.
THE CLIENT
The Colorado Broadband Office (CBO) is the state office for broadband collaboration and coordination, located within the Governor’s Office of Information Technology. The Colorado Broadband Office (CBO) is charged with distributing $420.6 million in federal BEAD funding to connect approximately 96,000 currently unserved locations across Colorado. To protect the integrity of that investment, the CBO established a technical assistance program to help subgrantees meet the NTIA’s cybersecurity and SCRM plan requirements — engaging Securance to deliver that assistance on the state’s behalf, at no cost to subgrantees.
THE SECURANCE SOLUTION
The CBO contracted with Securance to provide cybersecurity and SCRM plan technical assistance to multiple BEAD subgrantees across Colorado. Securance applied a standardized, evidence-based methodology to each engagement, ensuring consistent and comparable results across a diverse subgrantee population.
For each subgrantee, Securance:
- Conducted an initial interview and needs assessment to scope the engagement and confirm the applicable compliance standard (CISA CPGs for smaller organizations and the full NIST CSF 2.0 for larger ones).
- Delivered a framework orientation at kickoff, translating NIST and CISA requirements into operational language the subgrantee’s staff could understand and act on.
- Performed a comprehensive cybersecurity risk assessment evaluating applicable controls through a documentation review, structured personnel interviews, and direct artifact validation.
- Conducted an SCRM assessment covering vendor governance, critical component mapping, and SCRM controls aligned to NISTIR 8276 and NIST SP 800-161.
- Developed NTIA BEAD NOFO-compliant cybersecurity and SCRM plans for each subgrantee, including an IT and operational technology asset inventory, risk mitigation actions, and a prioritized remediation roadmap.
- Delivered a cybersecurity plan closeout package with disposition instructions and a complete documentation index for the transfer of critical infrastructure cyber assets.
QUANTIFIABLE VALUE Partnering with Securance enabled the CBO to meet the NTIA’s subgrantee cybersecurity attestation requirements at scale, across a diverse mix of organization types and sizes, without placing the compliance burden on subgrantees. Securance delivered consistent, comparable assessment reports and BEAD-compliant plans. As a result, subgrantees demonstrated measurable compliance progress within each engagement period. The standardized program model Securance developed is now validated for replication across additional subgrantees and other state BEAD programs. Whether your state broadband office is planning a cybersecurity technical assistance program or your subgrantees are struggling to meet the NTIA's compliance requirements, Securance has the expertise and experience to deliver results. Contact us for a consultation today.