CFDA#
97.137
|
|
Funder Type
Federal Government
|
IT Classification
A - Primarily intended to fund technology
|
|
|
Authority
Federal Emergency Management Agency (FEMA)
Summary
Our nation faces unprecedented cybersecurity risks, including increasingly sophisticated adversaries, widespread vulnerabilities in commonly used hardware and software, and broad dependencies on networked technologies for the day-to-day operation of critical infrastructure. Cyber risk management is further complicated by the ability of malicious actors to operate remotely, linkages between cyber and physical systems, and the difficulty of reducing vulnerabilities in critical infrastructure.
Considering the risk and potential consequences of cyber incidents, strengthening the cybersecurity practices and resilience of state, local, and territorial (SLT) governments is an important homeland security mission and the primary focus of the State and Local Cybersecurity Grant Program (SLCGP). Through funding from the Infrastructure Investment and Jobs Act, the SLCGP enables DHS to make targeted cybersecurity investments in SLT government agencies to strengthen the security of critical infrastructure and improve the resilience of services SLT governments provide their communities.
Objectives: Applicants are required to submit applications that address at least one of the following program objectives in their applications:
- Objective 1: Develop and establish appropriate governance structures, including by developing, implementing, or revising Cybersecurity Plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations.
- Objective 2: Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
- Objective 3: Implement security protections commensurate with risk.
- Objective 4: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.
*All applicants with a Cybersecurity and Infrastructure Security Agency (CISA) approved Cybersecurity Plan must submit their current Cybersecurity Plan to CISA via the FEMA SLCGP Inbox at [email protected] no later than January 1, 2026. When submitting a Cybersecurity Plan, applicants must inform CISA if they have revised their plan since CISA's last approval of it.
Cybersecurity Best Practices for Individual Projects:
- Implement multi-factor authentication
- Implement enhanced logging
- Data encryption for data at rest and in transit
- End use of unsupported/end of life software and hardware that are accessible from the internet
- Prohibit use of known/fixed/default passwords and credentials
- Ensure the ability to reconstitute systems (backups)
- Actively engage in bidirectional sharing between CISA and SLT entities in cyber relevant time frames to drive down cyber risk
- Migration to the .gov internet domain
History of Funding
A total of $279,873,562 was available for FY24 to 56 states and territories.
A total of $374,981,324 was available for FY23 to 56 states and territories.
A total of $185,024,069 was available for FY22 to 56 states and territories .
Additional Information
Any entity that receives funds from a grant under this program may not use the grant:
- Spyware;
- Construction;
- Renovation;
- To pay a ransom;
- For recreational or social purposes;
- To pay for cybersecurity insurance premiums;
- To acquire land or to construct, remodel, or perform alterations of buildings or other physical facilities;
- For any purpose that does not address cybersecurity risks or cybersecurity threats on information systems owned or operated by, or on behalf of, the eligible entity that receives the grant or a local government within the jurisdiction of the eligible entity;
- To supplant state or local funds; however, this shall not be construed to prohibit the use of funds from a grant under this NOFO for otherwise permissible uses on the basis that the SLT has previously used SLT funds to support the same or similar uses; and
- For any recipient or subrecipient cost-sharing contribution.
Eligibility Details
All 56 states and territories, including any state of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the U.S. Virgin Islands, Guam, American Samoa, and the Commonwealth of the Northern Mariana Islands, are eligible to apply for SLCGP funds. States are required to pass down 80% of total funding to local and tribal governments which will then apply directly to their State Administrative Agency for funding.
Deadline Details
State/territory applications for FY25 funds will be submitted by August 15, 2025 by 5:00 p.m., EST. Once approved, FEMA will remove any holds that they placed on funding and eligible entities can execute projects and make sub-awards. Local deadlines will vary by state.
All entities with a CISA-approved Cybersecurity Plan must submit their current plan to CISA via the FEMA SLCGP inbox ([email protected]) no later than January 30, 2026.
Award Details
A total of $91,750,000 is available for FY25 to 56 states and territories. Eligible entities must meet a 40% cost share requirement for the FY25 SLCGP. The project period of performance is 48 months beginning on September 1, 2025. Future funding amounts are to be determined.
A total of $1 billion has been allocated for this program from FY2022 through FY2025. This program is appropriated $185 million for FY22, $375 million for FY23, $280 million for FY24, and $100 million for FY25. U.S. states and territories will be the only entities that can apply for grant awards under the SLCGP. Local entities receive sub-awards through states. The SLCGP SAA recipient must pass through at least 80% of the federal funds provided under the grant. With the consent of the recipients, this pass-through may be in the form of in-kind services, capabilities, or activities, or a combination of funding and other services. At least 25% of the total federal award must also go to rural areas. This pass-through to rural areas is a part of the overall 80% pass-through; however, it should be emphasized that 25% of the total federal amount must be passed through to rural areas. All pass-through entities must meet all program and grant administration requirements.
Related Webcasts
