State and Local Cybersecurity Grant Program (SLCGP)

 
  • Grants Office Grantwriting service fee is currently unavailable for this grant
    Get more information on grantwriting

    CFDA#

    97.137
     

    Funder Type

    Federal Government

    IT Classification

    A - Primarily intended to fund technology

    Authority

    Department of Homeland Security (DHS)

    Summary

    The goal of the State and Local Cybersecurity Grant Program (SLCGP) is to assist state, local and tribal governments with managing and reducing systemic cyber risk. This goal can be achieved over the course of the four years of SLCGP funding as applicants focus their Cybersecurity Plans, priorities, projects, and implementation toward addressing the SLCGP objectives. Once CISA confirms that a recipient has met their objective requirements for each fiscal year, the recipient moves to the next set of program objective(s).


    FY23 State and Local Cybersecurity Grant Program:


    Our nation faces unprecedented cybersecurity risks, including increasingly sophisticated adversaries, widespread vulnerabilities in commonly used hardware and software, and broad dependencies on networked technologies for the day-to-day operation of critical infrastructure. Cyber risk management is further complicated by the ability of malicious actors to operate remotely, linkages between cyber and physical systems, and the difficulty of reducing vulnerabilities.

    Considering the risk and potential consequences of cyber incidents, strengthening the cybersecurity practices and resilience of state, local and territorial (SLT) governments is an important homeland security mission and the primary focus of SLCGP. Through funding from the Infrastructure Investment and Jobs Act referred to as the Bipartisan Infrastructure Law (BIL) throughout this document, the SLCGP enables DHS to make targeted cybersecurity investments in SLT government agencies, thus improving the security of critical infrastructure and improving the resilience of the services SLT governments provide their communities.


    The Fiscal Year (FY) 2023 SLCGP aligns with the National Cybersecurity Strategy by addressing three of the five pillars:

    • Pillar One – Defend Critical Infrastructure,
    • Pillar Two – Disrupt and Dismantle Threat Actors, and
    • Pillar Four – Invest in a Resilient Future.

    The FY 2023 SLCGP also addresses the 2020-2024 DHS Strategic Plan https://www.dhs.gov/publication/department-homeland-securitys-strategic-plan-fiscal-years-2020-2024 by helping DHS achieve Goal 3: Secure Cyberspace and Critical Infrastructure.


    During FY 2022, applicants focused on Program Objective 1: Develop and establish appropriate governance structures, including by developing, implementing, or revising Cybersecurity Plans, to improve capabilities to respond to cybersecurity incidents, and ensure continuity of operations.


    In FY 2023, applicants are required to focus on addressing the following program objectives in their applications:

    • Objective 2: Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
    • Objective 3: Implement security protections commensurate with risk.
    • Objective 4: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.

    For FY 2023, there are no new Cybersecurity Planning Committee and Cybersecurity Plan requirements. CISA considers the plans as living documents that states and territories may update and resubmit, if desired.


    Cybersecurity Best Practices for Individual Projects:

    • Implement multi-factor authentication
    • Implement enhanced logging
    • Data encryption for data at rest and in transit
    • End use of unsupported/end of life software and hardware that are accessible from the internet
    • Prohibit use of known/fixed/default passwords and credentials
    • Ensure the ability to reconstitute systems (backups)
    • Actively engage in bidirectional sharing between CISA and SLT entities in cyber relevant time frames to drive down cyber risk
    • Migration to the .gov internet domain

    FY22 State and Local Cybersecurity Grant Program:


    Funding from the State and Local Cybersecurity Grant Program (SLCGP) helps eligible entities address cybersecurity risks and threats to information systems owned or operated by—or on behalf of—state, local and territorial (SLLT) governments. The Homeland Security Act of 2002, as amended by the Bipartisan Infrastructure Law requires grant recipients to develop a Cybersecurity Plan, establish a Cybersecurity Planning Committee to support development of the Plan, and identify projects to implement utilizing SLCGP funding. To support these efforts, recipients are highly encouraged to prioritize the following activities, all of which are statutorily required as a condition of receiving a grant:

    • Developing the Cybersecurity Plan;
    • Implementing or revising the Cybersecurity Plan;
    • Paying expenses directly relating to the administration of the grant, which cannot exceed 5% of the amount of the grant award;
    • Assisting with allowed activities that address imminent cybersecurity threats confirmed by DHS; and 
    • Other appropriate activities as noted in the funding notice. 

    Cybersecurity Planning Committee:

    The Planning Committee is responsible for developing, implementing, and revising Cybersecurity Plans (including individual projects); formally approving the Cybersecurity Plan (along with the chief information officer, chief information security officer or an equivalent official); and assisting with determination of effective funding priorities (i.e., work with entities within the eligible entity's jurisdiction to identify and prioritize individual projects). To support these responsibilities, the Planning Committee must include the following entities:

    • The eligible entity (i.e., state or territory);
    • County, city, and town representation (if the eligible entity is a state);
    • Institutions of public education within the eligible entity's jurisdiction;
    • Institutions of public health within the eligible entity's jurisdiction; and
    • As appropriate, representatives from rural, suburban, and high-population jurisdictions.

    Funds may be used to hire personnel, however, the applicant must address how these functions will be sustained when the funds are no longer available in their application.


    Cybersecurity planning committees in states, territories, and tribes must explain how they will address 16 cybersecurity elements. These elements include:

    • How the applicant will manage, monitor, and track information systems, applications, and user accounts they own or operate.
    • How the applicant will monitor, audit, and track network activity traveling to and from information systems, applications, and user accounts.
    • How the applicant will enhance the preparation, response, and resiliency of information systems, applications, and user accounts against cybersecurity threats.
    • How the applicant will implement continuous vulnerability assessments and threat mitigation to address cybersecurity threats to information systems, applications, and user accounts.

    An eligible entity that receives a grant under this program and a local government that receives funds from a grant under this program must use the grant to:

    1. implement the Cybersecurity Plan of the eligible entity
    2. develop or revise the Cybersecurity Plan of the eligible entity
    3. pay expenses directly relating to the administration of the grant, which shall not exceed 5 percent of the amount of the grant;
    4. assist with activities that address imminent cybersecurity threats, as confirmed by the Secretary of Homeland Security, acting through the National Cyber Director, to the information systems owned or operated by, or on behalf of, the eligible entity or a local government within the jurisdiction of the eligible entity;
    5. fund any other appropriate activity determined by the Secretary of Homeland Security, acting through the National Cyber Director.
     

    History of Funding

    Total funding for FY22 was $185,024,069. For fiscal year 2022, the Secretary of Homeland Security announced state-specific funding amounts. These can be found in the Notice of Funding (NOFO): https://www.fema.gov/fact-sheet/department-homeland-security-notice-funding-opportunity-fiscal-year-2022-state-and-local

    Additional Information

    Any entity that receives funds from a grant under this program may not use the grant:

    • Spyware;
    • Construction;
    • Renovation;
    • To pay a ransom;
    • For recreational or social purposes;
    • To pay for cybersecurity insurance premiums;
    • To acquire land or to construct, remodel, or perform alterations of buildings or other physical facilities;
    • For any purpose that does not address cybersecurity risks or cybersecurity threats on information systems owned or operated by, or on behalf of, the eligible entity that receives the grant or a local government within the jurisdiction of the eligible entity;
    • To supplant state or local funds; however, this shall not be construed to prohibit the use of funds from a grant under this NOFO for otherwise permissible uses on the basis that the SLT has previously used SLT funds to support the same or similar uses; and
    • For any recipient or subrecipient cost-sharing contribution.

    Contacts

    CISA Central

    CISA Central
    245 Murray Lane Southwest
    Washington, DC 20032
    888-282-0870

    Lisa Nine

    Lisa Nine

    ,
    202-706-3176

    Program Office Staff

    Program Office Staff
    800 K Street NW
    Washington, DC 204752-3620
     

  • Eligibility Details

    All 56 states and territories, including any state of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the U.S. Virgin Islands, Guam, American Samoa, and the Commonwealth of the Northern Mariana Islands, are eligible to apply for SLCGP funds. States are required to pass down 80% of total funding to local and tribal governments which will then apply directly to their State Administrative Agency for funding.


    Deadline Details

    FY23- State/territory applications were to be submitted by October 6th, 2023 by 5:00 p.m., EST. Local deadlines will vary by state.


    FY22-State/territory applications were to be submitted by November 15, 2022 by 5:00 p.m., EST. CISA and FEMA will review each state's submission, and CISA will approve final Cybersecurity Plans and individual projects. Once approved, FEMA will remove any holds that they placed on funding and eligible entities can execute projects and make sub-awards. Local deadlines will vary by state.

    Award Details

    A total of $374,981,324 is available for FY23 to 56 states and territories. Eligible entities must meet a 20% cost share requirement for the FY 2023 SLCGP. The project period of performance is 48 months beginning on December 1, 2023.


    FY23 funding amounts for individual states can be found here: https://www.fema.gov/fact-sheet/department-homeland-security-notice-funding-opportunity-fiscal-year-2023-state-and-local


    A total of $1 billion has been allocated for this program from FY2022 through FY2025. This program is appropriated $185 million for FY22, $375 million for FY23, $300 million for FY24 and $100 million for FY25. U.S. states and territories will be the only entities that can apply for grant awards under the SLCGP. Local entities receive sub-awards through states. The SLCGP SAA recipient must pass through at least 80% of the federal funds provided under the grant. With the consent of the recipients, this pass-through may be in the form of in-kind services, capabilities, or activities, or a combination of funding and other services. At least 25% of the total federal award must also go to rural areas. This pass-through to rural areas is a part of the overall 80% pass-through; however, it should be emphasized that 25% of the total federal amount must be passed through to rural areas. All pass-through entities must meet all program and grant administration requirements.

    Related Webcasts Use the links below to view the recorded playback of these webcasts


    • Funding to Enhance Response, Investigation, and Prosecution of Domestic Violence - Sponsored by Panasonic - Playback Available
    • Justice Assistance Grants: Re-thinking the Program You Know So Well - Sponsored by Panasonic - Playback Available
    • Making the Most of the 2014 Assistance to Firefighters Grants – Sponsored by Panasonic - Playback Available

 

You have not selected any grants to Add


Please select at least one grant to continue.


Selections Added


The selected grant has been added to your .



  Okay  

Research Reports


One of the benefits of purchasing an UPstream® subscription is
generating professional research reports in Microsoft® Word or Adobe® PDF format
Generating research reports allows you to capture all the grant data as
well as a nice set of instructions on how to read these reports


Watchlists and Grant Progress


With an UPstream® subscription you can add grants to your
own personal Watchlist. By adding grants to your watchlist, you will
receive emails about updates to your grants, be able to track your
grant's progress from watching to awards, and can easily manage any
step in the process through simplified workflows.

Email this Grant


With an UPstream® subscription, you can email grant details, a research report,
and relevant links to yourself or others so that you never lose your
details again. Emailing grants is a great way to keep a copy of the
current details so that when you are ready to start seeking funding
you already know where to go