The Department of Homeland Security – FEMA is accepting applications for its State and Local Cybersecurity Grant Program.
Donor Name: Department of Homeland Security – FEMA
State: All States
County: All Counties
U.S. Territory: Commonwealth of Puerto Rico, U.S. Virgin Islands, Guam, American Samoa, and Commonwealth of the Northern Mariana Islands
Type of Grant: Grant
Deadline: 10/06/2023
Size of the Grant: $374,981,324
Grant Duration: 48 months
Details:
The goal of SLCGP is to assist SLT governments with managing and reducing systemic cyber risk. This goal can be achieved over the course of the four years of SLCGP funding as applicants focus their Cybersecurity Plans, priorities, projects, and implementation toward addressing the SLCGP objectives.
During 2022, applicants focused on Program Objective 1: Develop and establish appropriate governance structures, including by developing, implementing, or revising Cybersecurity Plans, to improve capabilities to respond to cybersecurity incidents, and ensure continuity of operations.
In 2023, applicants are required to focus on addressing the following program objectives in their applications:
- Objective 2: Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
- Objective 3: Implement security protections commensurate with risk.
- Objective 4: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.
Priorities
Cybersecurity Plans, Committees and Charter
The Homeland Security Act of 2002, as amended by the BIL, requires SLCGP grant recipients to develop a Cybersecurity Plan, establish a Cybersecurity Planning Committee to support development of the plan, and identify projects to implement using SLCGP funding. With the FY 2022 SLCGP, recipients were directed to accomplish the following:
- Establish a Cybersecurity Planning Committee;
- Develop a state-wide Cybersecurity Plan, unless the recipient already has a state-wide Cybersecurity Plan; and
- Use SLCGP funds to implement or revise a state-wide Cybersecurity Plan.
Cybersecurity Activities, Best Practices, Investments and Projects Cybersecurity Activities
- The State Administrative Agency (SAA) must consult with its Chief Information Officer (CIO) and the Chief Information Security Officer (CISO) (or an equivalent official of the eligible entity) regarding the plans for allocating SLCGP funds. To support the FY 2023 SLCGP requirements, Cybersecurity Plans must include the following activities:
- Conducting assessment and evaluations as the basis for individual projects throughout the life of the program; and
- Adopting key cybersecurity best practices and consulting Cybersecurity Performance Goals (CPGs).
- The CPGs are a prioritized subset of information technology and operational technology cybersecurity practices aimed at meaningfully reducing risks to both critical infrastructure operations and the American people.
- These goals are applicable across all critical infrastructure sectors and are informed by the most common and impactful threats and adversary tactics, techniques, and procedures observed by CISA and its government and industry partners, making them a common set of protections that all critical infrastructure entities – from large to small – should implement.
- The CPGs do not reflect an all-encompassing cybersecurity program – rather, they are a minimum set of practices that organizations should implement toward ensuring a strong cybersecurity posture.
- The Cross-Sector Cybersecurity Performance Goals are regularly updated, with a targeted revision cycle of at least every 6 to 12 months.
Funding Information
- Available Funding for the NOFO: $374,981,324
- Period of Performance: 48 months
Eligibility Criteria
Eligible Applicants All 56 states and territories, including any state of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the U.S. Virgin Islands, Guam, American Samoa, and the Commonwealth of the Northern Mariana Islands, are eligible to apply for SLCGP funds. The Governor-designated SLCGP SAA is the only entity eligible to submit SLCGP applications to DHS/FEMA.
For more information, visit Grants.gov.