Department of Homeland Security Announces Cybersecurity Grant for State, Local, and Territorial Governments

Off

Last Friday, the Department of Homeland Security announced the State and Local Cybersecurity Grant Program (SLCGP). The funding helps eligible entities address cybersecurity risks and threats to information systems owned or operated by—or on behalf of—state, local and territorial governments. Through two distinct Notice of Funding Opportunities, the SLCGP and Tribal Cybersecurity Grant Program (TCGP) combined will distribute $1 billion over four years to support projects throughout the performance period of up to four years. This year, the TCGP will be released after SLCGP.

In FY 2022, $183.5 million is available under the SLCGP, with varying funding amounts allocated over four years from the Infrastructure Investment and Jobs Act. This year, each state and territory will receive a funding allocation as determined by the statutory formula:

  • Allocations for states and territories include a base funding level as defined for each entity: 1% for each state, the District of Columbia, and Puerto Rico; and 0.25% for American Samoa, the Commonwealth of the Northern Mariana Islands, Guam, and the U.S. Virgin Islands.
  • State allocations include additional funds based on a combination of state population and rural population totals.
  • 80% of total state allocations must support local entities, while 25% of the total state allocations must support rural entities; these amounts may overlap.

Requirements

Each state and territory must establish a Cybersecurity Planning Committee that coordinates, develops, and approves a Cybersecurity Plan. These plans are meant to guide development of cybersecurity capabilities across the state or territory. The Cybersecurity Planning Committee is responsible for approving the Cybersecurity Plan and prioritizing individual projects. Eligible entities submit Cybersecurity Plans for review and approval as part of their grant application. Initial Cybersecurity Plans will be approved for two years. Subsequent Cybersecurity Plans, building on the investments from the previous year(s), must be submitted for approval annually. Additional information on cost-share and pass-through requirements can be found here.

For more information on the Grant and application process, click here.