On September 16, 2022, the Office of Homeland Stability (DHS) declared a very first-of-its-variety cybersecurity grant system particularly for state, neighborhood, and territorial (SLT) governments across the nation.
Funding from the State and Area Cybersecurity Grant Method (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP) assists suitable entities address cybersecurity risks and threats to information programs owned or operated by—or on behalf of—state, area and territorial (SLLT) governments. By two unique Recognize of Funding Alternatives (NOFO), SLCGP and TCGP merged will distribute $1 billion over four yrs to assistance assignments throughout the effectiveness period of time of up to 4 a long time. This calendar year, the TCGP will be introduced immediately after SLCGP.
Study about the authorization for SLCGP
Via the Infrastructure Financial investment and Positions Act (IIJA) of 2021, Congress proven the Point out and Regional Cybersecurity Enhancement Act, which founded the Condition and Community Cybersecurity Grant Software, appropriating $1 billion to be awarded more than 4 yrs.
These entities experience exclusive difficulties in defending in opposition to cyber threats these as ransomware, as they deficiency the assets to protect in opposition to constantly altering threats. The Office of Homeland Security (DHS), via the Cybersecurity and Infrastructure Safety Agency (CISA), is using measures to support stakeholders throughout the nation comprehend the severity of their exceptional nearby cyber threats and cultivate partnerships to cut down similar pitfalls across the SLT company.
Read through under or print the SLCGP Simple fact Sheet and Usually Requested Issues.
Browse: How will the SLCGP be administered?
DHS will put into action the SLCGP Grant Program by means of CISA and the Federal Crisis Management Agency (FEMA). Although CISA will provide as the subject-matter skilled in cybersecurity associated difficulties, FEMA will offer grant administration and oversight for appropriated funds, which include award and allocation of resources to qualified entities, economical administration and oversight of resources execution.
The system is built to place the funding wherever it is desired most: into the palms of regional entities. States and territories will use their State Administrative Organizations (SAAs) to obtain the money from the Federal Federal government and then distribute the funding to area governments in accordance with point out regulation/procedure. This is the similar way in which funding is dispersed to community governments in the Homeland Safety Grant Software.
Application Process and Timeline
- DHS issued a Notice of Funding Chance (NOFO) in September 2022 that includes all necessities and information, which include data on funding eligibility for states.
- The founded SAA for states and territories will be the only entities that can use for grant awards beneath the SLCGP. Nearby entities receive sub-awards as a result of states. The legislation calls for states to distribute at minimum 80% of money to community governments, with a minimal of 25% of the allotted money distributed to rural parts.
- Suitable entities can submit an application by means of Grants.gov. Purposes might consist of a concluded Cybersecurity Plan, abilities evaluation and particular person assignments authorised by the Cybersecurity Scheduling Committee and CIO/CISO/equal. Entities without a done plan are encouraged to use and entire it in Yr One particular.
- CISA and FEMA will overview each submission, and CISA will approve remaining Cybersecurity Programs and individual initiatives.
- As soon as permitted, FEMA will take away any holds that they placed on funding and suitable entities can execute projects and make sub-awards.
Key Need: Setting up a Cybersecurity Planning Committee
Qualified entities can kind their cybersecurity organizing and can make Cybersecurity Options (in accordance with the minimal prerequisites as stated in the State and Neighborhood Cybersecurity Advancement Act), which are a necessity for receiving grant money. The condition-level Cybersecurity Scheduling Committee leverages beforehand set up advisory bodies that the states may have fashioned. The membership of the Cybersecurity Organizing Committee will be up to each and every personal state, specified they fulfill the demands of the legislation and NOFO. States are inspired to develop their cybersecurity organizing committees to contain additional abilities primarily based on personal condition desires. DHS provides a listing of these suggested more personnel in the NOFO. However, states are not constrained to the extra personnel on this checklist.
The Cybersecurity Preparing Committee will identify and prioritize point out-huge endeavours, to involve determining chances to consolidate tasks to increase efficiencies. Every single suitable entity is necessary to submit confirmation that the committee is comprised of the required associates. The qualified entity will have to also ensure that at least 1-50 % of the associates of the committee have skilled encounter relating to cybersecurity or details technological innovation. For additional facts on the composition of the Cybersecurity Scheduling Committee, like how to leverage current planning committees, you should refer to Appendix B of the Observe of Funding Option.
Cybersecurity Arranging Committee membership shall involve at least 1 agent from related stakeholders, like:
- The suitable entity
- If the qualified entity is a state, then reps from counties, cities and towns within just the jurisdiction of the qualified entity
- Community education inside the jurisdiction of the qualified entity
- Community well being and
- Rural, suburban and high-inhabitants jurisdictions.
Not less than half of the associates of the Cybersecurity Arranging Committee must have expert practical experience relating to cybersecurity or details technological know-how. Qualifications are identified by the states.
Suitable entities are provided the overall flexibility to recognize the particular community wellbeing and community schooling companies and communities the Organizing Committee associates represent.
Key Prerequisite: Generate a Cybersecurity Approach
The Cybersecurity Program is a statewide planning document that should be authorised by the Cybersecurity Preparing Committee and the CIO/CISO equal. The System will be subsequently updated in FY24 and 25. It must contain the following parts:
- Incorporate, to the extent practicable, any present ideas to shield in opposition to cybersecurity challenges and cybersecurity threats to facts devices owned or operated by, or on behalf of, SLTs.
- How enter and feed-back from nearby governments and associations of nearby governments was incorporated.
- Include things like all of the precise required things (see Needed Factors area of Appendix C of the NOFO)
- Explain, as proper and to the extent practicable, the unique tasks of the point out and regional governments in just the state in utilizing the Cybersecurity Strategy..
- Evaluate every of the necessary features from an entity-broad perspective.
- Define, to the extent practicable, the vital sources and a timeline for implementing the plan.
- Summary of affiliated jobs.
- Metrics that the eligible entity will use to measure development.
SLCGP E-mail: [email protected]
TCGP Electronic mail: [email protected]
Tools and Assets
(Please notice other links will be included as they develop into out there)
The following listing of CISA methods are proposed goods, solutions, and resources at no price tag to the condition, regional, tribal, and territorial governments, as nicely as public and private sector important infrastructure companies.
Point out and Regional Cybersecurity Grant System Truth Sheet
Condition and Neighborhood Cybersecurity Grant Software Commonly Questioned Thoughts
Cyber Source Hub
Ransomware Guide (Sept. 2020)
Cyber Resilience Assessment
Absolutely free Cybersecurity Products and services and Equipment
To report an incident, pay a visit to www.cisa.gov/report
Essential Inbound links:
Application Business Get in touch with
FEMA has assigned point out-distinct Preparedness Officers for the SLCGP. If you do not know your Preparedness Officer, make sure you call the Centralized Scheduling and Info Desk (CSID) by telephone at (800) 368-6498 or by email at [email protected], Monday as a result of Friday, 9 a.m. – 5 p.m. ET.
Centralized Scheduling and Facts Desk (CSID)
CSID is a non-emergency detailed administration and facts resource developed by FEMA for grant stakeholders. CSID delivers common info on all FEMA grant packages and maintains a comprehensive databases made up of important staff speak to details at the federal, point out and regional amounts. When important, recipients will be directed to a federal level of make contact with who can remedy specific programmatic questions or considerations. CSID can be arrived at by mobile phone at (800) 368-6498 or by e-mail at [email protected], Monday by Friday, 9 a.m. – 5 p.m. ET.