State and Local Cybersecurity Grant Program Tribal Cybersecurity Grant Program

Objective

The goal of the State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP) is to assist state, local, tribal and territorial (SLTT) governments with managing and reducing systemic cyber risk. This goal can be achieved over the course of the Period of Performance (POP) as applicants focus on their Cybersecurity Plans, priorities, projects, and implementation toward addressing the program objectives. Program Objectives for SLCGP and TCGP include: 1. Develop and establish appropriate governance structures, as well as plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations; 2. SLTT agencies understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments; 3. Implement security protections commensurate with risk (outcomes of Objectives 1 & 2); and 4. Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility. Performance Measures: • Percentage of entities with CISA approved state-wide Cybersecurity Plans • Percentage of entities with statewide Cybersecurity Planning Committees that meet the Homeland Security Act of 2002 and SLCGP funding notice requirements • Percentage of entities conducting annual table-top and full-scope exercises to test Cybersecurity Plans • Percent of the entities’ SLCGP budget allocated to exercises • Average dollar amount expended on exercise planning for entities • Percentage of entities conducting an annual cyber risk assessment to identify cyber risk management gaps and areas for improvement • Percentage of entities performing phishing training • Percentage of entities conducting awareness campaigns • Percent of entities providing role-based cybersecurity awareness training to employees • Percentage of entities adopting the Workforce Framework for Cybersecurity (NICE Framework) as evidenced by established workforce development and training plans • Percentage of entities with capabilities to analyze network traffic and activities related to potential threats • Percentage of entities implementing multi-factor authentication (MFA) for all remote access and privileged accounts • Percentage of entities with programs to anticipate and discontinue use of end-of-life software and hardware • Percentage of entities prohibiting the use of known/fixed/default passwords and credentials • Percentage of entities operating under the “.gov” internet domain • Number of cybersecurity gaps or issues addressed annually by entities

Who Can Apply

• State
• U.S. Territories and possessions
• Federally Recognized lndian Tribal Governments

For SLCGP: States and U.S. Territories All 56 states and territories, including any state of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the U.S. Virgin Islands, Guam, American Samoa, and the Commonwealth of the Northern Mariana Islands, are eligible to apply for SLCGP funds. For TCGP: Federally Recognized Tribal Governments Tribal governments may apply directly through the Tribal Cybersecurity Grant Program or may receive funds as subrecipients of the State and Local Cybersecurity Grant Program. “Tribal government” is defined as the recognized governing body of any Indian or Alaska Native Tribe, band, nation, pueblo, village, community, component band, or component reservation, that is individually identified (including parenthetically) in the most recent published list of federally recognized tribes.

Who Benefits

• State
• Local
• U.S. Territories
• Federally Recognized Indian Tribal Governments

State, Local, U.S. Territories, & Federally Recognized Indian Tribal Governments

Assistance Types

• Formula Grants
• Formula Grants
• Formula Grants
• Formula Grants

Program Contact

Allen.wineland@fema.dhs.gov
18003686498