First Application Deadline is Nov. 15; 80% Required Pass-Through to Local Governments

The Department of Homeland Security (DHS) announced a notice of funding opportunities (NOFO) for a first-of-its-kind cybersecurity grant program created specifically to assist and protect state, local, Tribal and territorial information systems. This State, Local and Cybersecurity Grant Program (SLCGP) is part of the Infrastructure Investment and Jobs Act (IIJA) of 2021, and allows DHS to distribute $1 billion over 4 years to support projects. States must pass-through at least 80% of any funds they are awarded to local governments.

Application Process & Timeline

• DHS issued a Notice of Funding Opportunity (NOFO) this month. All funding requirements and details can be found at that link. The first deadline is Nov. 15, 2022.
• Estimated total funding of $1 billion budget in 2022: $185,024,069
• Minimum award size: $500,000
• A total of 56 grants are anticipated — one for each state and territory.
• Only states and territories are eligible to apply for grant awards under the SLCGP. (The tribal grant NOFO has yet to announced.)
• Local entities receive sub-awards through their states. At least 80% of funds awarded to states must go to local governments, with a minimum of 25% of the allocated funds distributed to rural areas.
• Eligible entities can submit an application via Grants.gov. Applications appear to have two minimum requirements: creation of a state Cybersecurity Planning Committee and a completed state Cybersecurity Plan.

Key Requirements: Cybersecurity Planning Committee & Plan
The minimum requirements as stated in the State and Local Cybersecurity Improvement Act are a state-level Cybersecurity Planning Committee and a Cybersecurity Plan.

The Planning Committee will identify and prioritize statewide efforts, including identifying opportunities to consolidate projects to increase efficiencies through partnership with at least one representative from relevant stakeholders, including:

• The eligible entity;
• If the eligible entity is a state, then representatives from counties, cities and towns within the jurisdiction of the eligible entity;
• Public education within the jurisdiction of the eligible entity;
• Public health; and
• Rural, suburban and high-population jurisdictions.

The Cybersecurity Plan is a statewide planning document that must be approved by the Cybersecurity Planning Committee and the CIO/CISO equivalent, be updated in fiscal 2024 and 2025, and contain the following components:

• Incorporate, to the extent practicable, any existing plans to protect against cybersecurity risks and cybersecurity threats to state, local or territorial owner or operated information systems
• Demonstrate input from local governments and associations of local governments, and outline individual responsibilities of the state and local governments in implementing the Plan
• Include all required elements outlined in Appendix C of the NOFO
• Outline the necessary resources and a timeline for implementing the plan and summary of associated projects
• Outline metrics to measure progress

Next Steps
Local governments should contact their governor’s office to determine the status of the state’s application process and how their community’s needs are being factored into the state’s plan.

[View source.]