New funding announced for State and Local Cybersecurity Grant Program

Image of GettyImages-1350722246.jpg

Key Takeaways

On September 16, the U.S. Department of Homeland Security (DHS) and Federal Emergency Management Agency (FEMA) announced the a Notice of Funding Opportunity (NOFO) for the State and Local Cybersecurity Grant Program (SLCGP), which is funded by the Bipartisan Infrastructure Law (BIL). The SLGCP provides a total of $1 billion in funding over the next four years, with a total of $185 million available for Fiscal Year (FY) 2022, to support state and local efforts to address cyber risks to their information systems.

Eligible entities, which include states and counties, can now apply for funding for FY 2022. As required by the SLCGP, 80 percent of the entire program’s funds must be sub-allocated to local governments and rural areas within 45 days of an eligible entity’s receipt of the funds (i.e. state).  The state-by-state allocation figures can be found on pages 8-9 of the NOFO.

Applicants are required to demonstrate how their efforts will achieve the following SLCGP program objectives:

  1. Develop and establish appropriate governance structures, including developing, implementing, or revising cybersecurity plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations
  2. Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments
  3. Implement security protections commensurate with risk
  4. Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility

SLCGP funds are encouraged to prioritize the establishment of cybersecurity planning committees, the development of state-wide cybersecurity plans, conducting assessments and evaluations as the basis for individual projects throughout the life of the program, and adopting key cybersecurity best practices.

NACo strongly encourages all county IT directors and CIOs to begin coordinating with their State Administrative Agent (SAA) for next steps on their state’s plans to applying for funding. A list of SAA's can be found here. NACo will continue to monitor this program closely and provide updates as needed.

Related News

Image of Levers-Technology_1.jpg
News

DHS Announces new Funding for the State and Local Cybersecurity Grant Program

On September 23, the Department of Homeland Security announced a new funding round for the State and Local Cybersecurity Grant Program (SLCGP). The SLGCP provides $1 billion over four years to state, local, and tribal governments to implement cybersecurity plans and build resilience against emerging threats as a part of the Bipartisan Infrastructure Law (BIL) 

This year’s allocation is $279.9 million, notably less than the fiscal year 23 (FY23) allocation of $375 million. Applications for funds must be submitted by December 2, 2024. Eligible entities for this program are state governments, and the program structure design allows for local governments to receive 80% of the funding via either pass-through funding or in-kind services. Counties should be advised that eligible entities may request counties to contribute to the non-federal cost-share element of a state’s application, which for this grant year is 30% for a single-entity applicant or 20% for a multi-entity applicant.  

Slight changes have come to the SLCGP for FY2024, including broadening the criteria for applications. In FY22 and FY23, state and local governments were limited to specific objectives of the program, where now applications can focus on any of these four objectives:  

  1. Develop and establish appropriate governance structures, including developing, implementing, or revising cybersecurity plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations 

  2. Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments 

  3. Implement security protections commensurate with risk 

  4. Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility 

The SLCGP requires that 25 percent of state allocations must benefit rural areas. Local and state governments have 48 months to complete projects and expend allocated funds.  The BIL provided funding for four years, with FY 25 being the last year of the program.  

NACo encourages counties to coordinate with statewide cyber planning committees to prepare a proposal for the program. NACo will continue to monitor the program and update counties with any developments 

Tech
News

County collaboration is key to overcoming the cybersecurity talent shortage

In the United States, citizens depend on county governments to deliver many of the nation’s most critical services. These organizations play a crucial role in ensuring overall community well-being by managing essential services such as law enforcement, public health, infrastructure maintenance, and emergency response.

AI Compass Pic 4
Press Release

National Association of Counties Pilots Artificial Intelligence Leadership Academy

NACo today announced a new professional development opportunity, the NACo Artificial Intelligence (AI) Leadership Academy, an innovative, online program to equip frontline county government leaders with practical knowledge and tools.