Grant Alert: Unprecedented Cybersecurity Grants for State and Local Governments Announced
Posted on September 19, 2022 by Morgan Sava
The Department of Homeland Security (DHS) released its long-awaited State and Local Cybersecurity Grant Program (SLCGP) and Tribal Cybersecurity Grant Program (TCGP) on Friday, September 17.
FY 2022 State and Local Cybersecurity Grant Program
Anticipated number of awards: 56
Program duration: 36 months
Release date: September 16, 2022
Apply by: November 15, 2022
Match requirement: 10% for individual entity projects, no cost-share for multi-entity projects
This grant funding aims to address cybersecurity threats to information systems owned and operated by state, territory, local, and tribal governments or on their behalf. This funding was authorized by Congress when it enacted the Infrastructure Investment and Jobs Act (IIJA) in 2021. The $185 million is only for fiscal year 2022 — Congress authorized $400 million for FY 2023, $300 million for 2024, and $100 million for FY 2025.
DHS will implement this program through the Cybersecurity and Infrastructure Agency (CISA) and the Federal Emergency Management Agency (FEMA), providing grant administration and oversight. The program will work similarly to FEMA's Homeland Security Grant Program.
The first funding opportunity is for $185 million, and the projected closing date for applications is November 15, 2022. State, territory, county, local (city and township), and federally recognized tribal governments are eligible to apply.
How Should State and Local Governments Seek a Grant?
Only the State Administrative Agency (SAA) can apply for SLCGP funding — local entities will receive subawards from their state. States must distribute at least 80 percent of the funding to local governments, with a minimum of 25 percent to rural areas.
SAAs must apply via Grants.gov; applications must include a completed cybersecurity plan, capabilities assessment, and individual projects approved by the SAA’s planning committee, as well as the state’s chief information officer (CIO) or chief information security officer (CISO), or the equivalent. If a state does not have a completed cybersecurity plan, it can still apply and then leverage any award to complete this plan in the first year of the grant cycle.
Priorities of the program in the first year include:☑️ A statewide cybersecurity planning committee
States must form a statewide cybersecurity planning committee and create a cybersecurity plan to receive grant funds (again, the latter can be funded with year-one grant dollars.)
- The committee should include the county and local representatives, representatives from the public-education and health communities, and rural and high-population jurisdictions.
- Fifty percent of committee representatives must have cybersecurity or information technology (IT) experience
The state’s planning committee must approve the cybersecurity plan, which is required and must include strategies for protecting against cybersecurity threats. It also must describe the following:
- How input from local government entities was incorporated
- The requirements that state and local governments will need to meet in implementing the plan
- An assessment of cybersecurity elements from an entity-wide perspective
- A summary of projects and metrics that will be used to measure progress
Statewide efforts should be prioritized, including consolidating projects to achieve efficiencies.
☑️ Cybersecurity assessments and evaluations
Additional first-year priorities include conducting assessments to identify gaps that projects can address throughout the lifecycle of the grant program.
Cybersecurity Solutions Available from Mission Critical Partners (MCP)
- Cybersecurity assessments
- 24x7 cybersecurity monitoring
- Security training and awareness
- Third-party compliance services
- Security staff augmentation
- Virtual CISO services