A - Primarily intended to fund technology
Department of Homeland Security (DHS)
Funding from the State and Local Cybersecurity Grant Program (SLCGP) helps eligible entities address cybersecurity risks and threats to information systems owned or operated by—or on behalf of—state, local and territorial (SLLT) governments. The Homeland Security Act of 2002, as amended by the Bipartisan Infrastructure Law requires grant recipients to develop a Cybersecurity Plan, establish a Cybersecurity Planning Committee to support development of the Plan, and identify projects to implement utilizing SLCGP funding. To support these efforts, recipients are highly encouraged to prioritize the following activities, all of which are statutorily required as a condition of receiving a grant:
- Developing the Cybersecurity Plan;
- Implementing or revising the Cybersecurity Plan;
- Paying expenses directly relating to the administration of the grant, which cannot exceed 5% of the amount of the grant award;
- Assisting with allowed activities that address imminent cybersecurity threats confirmed by DHS; and
- Other appropriate activities as noted in the funding notice.
Cybersecurity Planning Committee:
The Planning Committee is responsible for developing, implementing, and revising Cybersecurity Plans (including individual projects); formally approving the Cybersecurity Plan (along with the chief information officer, chief information security officer or an equivalent official); and assisting with determination of effective funding priorities (i.e., work with entities within the eligible entity's jurisdiction to identify and prioritize individual projects). To support these responsibilities, the Planning Committee must include the following entities:
- The eligible entity (i.e., state or territory);
- County, city, and town representation (if the eligible entity is a state);
- Institutions of public education within the eligible entity's jurisdiction;
- Institutions of public health within the eligible entity's jurisdiction; and
- As appropriate, representatives from rural, suburban, and high-population jurisdictions.
Funds may be used to hire personnel, however, the applicant must address how these functions will be sustained when the funds are no longer available in their application.
Cybersecurity planning committees in states, territories, and tribes must explain how they will address 16 cybersecurity elements. These elements include:
- How the applicant will manage, monitor, and track information systems, applications, and user accounts they own or operate.
- How the applicant will monitor, audit, and track network activity traveling to and from information systems, applications, and user accounts.
- How the applicant will enhance the preparation, response, and resiliency of information systems, applications, and user accounts against cybersecurity threats.
- How the applicant will implement continuous vulnerability assessments and threat mitigation to address cybersecurity threats to information systems, applications, and user accounts.
An eligible entity that receives a grant under this program and a local government that receives funds from a grant under this program must use the grant to:
- implement the Cybersecurity Plan of the eligible entity
- develop or revise the Cybersecurity Plan of the eligible entity
- pay expenses directly relating to the administration of the grant, which shall not exceed 5 percent of the amount of the grant;
- assist with activities that address imminent cybersecurity threats, as confirmed by the Secretary of Homeland Security, acting through the National Cyber Director, to the information systems owned or operated by, or on behalf of, the eligible entity or a local government within the jurisdiction of the eligible entity;
- fund any other appropriate activity determined by the Secretary of Homeland Security, acting through the National Cyber Director.
History of Funding
None is available.
Any entity that receives funds from a grant under this program may not use the grant:
- Supplanting state or local funds;
- Recipient cost-sharing contributions;
- Payment of a ransom from cyberattacks;
- Recreational or social purposes, or for any purpose that does not address cybersecurity risks or cybersecurity threats on SLTT information systems;
- Lobbying or intervention in federal regulatory or adjudicatory proceedings;
- Suing the federal government or any other government entity;
- Acquiring land or constructing, remodeling or altering buildings or other physical facilities; or
- Cybersecurity Insurance; or
- Any purpose that does not address cybersecurity risks or cybersecurity threats on information systems owned or operated by, or on behalf of, the eligible entity or a local government within the jurisdiction of the eligible entity.
All 56 states and territories, including any state of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the U.S. Virgin Islands, Guam, American Samoa, and the Commonwealth of the Northern Mariana Islands, are eligible to apply for SLCGP funds. States are required to pass down 80% of total funding to local and tribal governments which will then apply directly to their State Administrative Agency for funding.
State/territory were to be submitted by November 15, 2022 by 5:00 p.m., EST. Local deadlines are TBA.
Eligible entities can submit an application via Grants.gov. Applications may include a completed Cybersecurity Plan, capabilities assessment and individual projects approved by the Cybersecurity Planning Committee and CIO/CISO/equivalent. Entities without a completed plan are encouraged to apply and complete it in Year One.
CISA and FEMA will review each submission, and CISA will approve final Cybersecurity Plans and individual projects.
Once approved, FEMA will remove any holds that they placed on funding and eligible entities can execute projects and make sub-awards.
A total of $1 billion has been allocated for this program from FY2022 through FY2025. This program is appropriated $185 million for FY22, $400 million for FY23, $300 million for FY24 and $100 million for FY25. U.S. states and territories will be the only entities that can apply for grant awards under the SLCGP. Local entities receive sub-awards through states. The legislation requires states to distribute at least 80% of funds to local governments, with a minimum of 25% of the allocated funds distributed to rural areas.
For fiscal year 2022, the Secretary of Homeland Security has announced state-specific funding amounts. These can be found in the Notice of Funding (NOFO): https://www.grants.gov/web/grants/view-opportunity.html?oppId=343579
The match requirement for eligible entities will increase annually. In the case of a grant to a single entity:
- for fiscal year 2022, 10 percent;
- for fiscal year 2023, 20 percent
- for fiscal year 2024, 30 percent
- for fiscal year 2025, 40 percent
In the case of a grant to a multi-entity:
- for fiscal year 2022, no match is required
- for fiscal year 2023, 10 percent
- for fiscal year 2024, 20 percent
- for fiscal year 2025, 30 percent
Recent FUNDED Articles
New Funding Opportunities for K-12 School Safety - Sponsored by NetApp
Funding to Address High Crime Areas within Your Community - Sponsored by NetApp
Funding to Enhance Response, Investigation, and Prosecution of Domestic Violence - Sponsored by Panasonic