What is the State and Local Cybersecurity Grant Program (SLCGP)?
The State and Local Cybersecurity Grant Program (SLCGP) addresses cybersecurity risks and threats to information systems owned or operated by, or on behalf of, state, local and territorial governments. The program, which is being jointly managed by the Cybersecurity and Infrastructure Agency (CISA) and Federal Emergency Management Agency (FEMA), enables targeted cybersecurity investments aimed at improving the security of critical infrastructure and resilience of the services that state, local, and territorial governments provide to their communities. The SLCGP was created as part of the Infrastructure Investment and Jobs Act, which provides a total of $1 billion in dedicated funding for state and local cybersecurity over four years.
State and Local Cybersecurity Grant Program FAQs
Who can apply for the State and Local Cybersecurity Grant Program (SLCGP)?
- All 56 states, territories and commonwealths are eligible to apply
- The designated State Administrative Agency (SAA) for each state and territory is the only entity eligible to apply for SLCGP funding
- A list of the funding allocation for each state and territory may be found on pp. 7-9 of the SLCGP Notice of Funding Opportunity (SLCGP NOFO).
- An SAA may partner with one or more other SAAs to form a multi-entity group
What is the overarching goal of the SLCGP program?
- Governance and Planning: Develop and establish appropriate governance structures, as well as plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations
- Assessment and Evaluation: Identify areas for improvement in SLTT cybersecurity posture based on continuous testing, evaluation, and structured assessments
- Mitigation: Implement security protections commensurate with risk (outcomes of Objectives 1 and 2), using the best practices as described in element 5 of the required 16 elements of the cybersecurity plans and those further listed in the NOFO
- Workforce Development: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with their responsibilities as suggested in the National Initiative for Cybersecurity Education
To assist state and local governments in managing and reducing systemic cyber risks. To accomplish this, CISA has established four discrete, but interrelated objectives:
What are the allowable cost categories for the SLCGP program?
- Management and administration
Allowable cost categories include:
How and when can you apply?
The SAA must submit the full application by November 15, 2022, 5 pm ET. Applicants are encouraged to submit their initial application in Grants.gov at least seven days before this deadline.
The full application package should be submitted via FEMA’s Non-Disaster Grants System.
Where can I find additional details about the SLCGP program?
Eligible entities must submit Cybersecurity Plans for review and approval as part of their grant application. These Plans are meant to guide development of cybersecurity capabilities across the state or territory and must be developed and approved by a Cybersecurity Planning Committee, the composition and scope of which is specified on pp. 62-64 of the NOFO. A Cybersecurity Plan Checklist may be found on pp. 66-72 of the NOFO and a Plan Template may be found here.
Boost Your Organization’s Cybersecurity: Top 10 Strategies Your Organization’s Cybersecurity Plan Should Include