Federal Grant Program Improves Cybersecurity for Local Governments

Local governments are increasingly at risk from cyberattacks, but federal grants can help them enhance their cybersecurity measures.

The State and Local Cybersecurity Grant Program (SLCGP) was established by the Infrastructure Investment and Jobs Act of 2021. This program provides more than $1 billion in funding to state, local, and territorial (SLT) government entities to address cybersecurity risks and cybersecurity threats to their information systems.

Learn more about how your government entity can secure funds from the SLCGP to enhance cybersecurity infrastructure, protect sensitive data, and maintain system integrity.

Objectives of the SLCGP

Grant funding has been made available for specified purposes from federal fiscal years 2022 to 2025. Some grants are reimbursable, and program goals, timelines, and cost-sharing parameters are established by cybersecurity planning committees in each awarded state.

The primary goals of the SLCGP include:

• Improving cybersecurity practices — Enhancing the overall cybersecurity infrastructure of SLT governments to better protect against cyber threats.
• Risk assessment and management — Encouraging the adoption of robust risk management frameworks and practices.
• Incident response — Strengthening the capability to respond to and recover from cybersecurity incidents.
• Awareness and training — Increasing cybersecurity awareness and providing training for government employees to recognize and mitigate cyber threats.
• Collaboration — Promoting collaboration and information sharing among different levels of government and with the private sector.

Grants awarded under the SLCGP can be used for various purposes, such as:

• Developing and implementing cybersecurity plans and strategies
• Acquiring and deploying cybersecurity hardware and software
• Conducting cybersecurity risk assessments
• Establishing cybersecurity governance frameworks
• Enhancing cybersecurity workforce skills and capabilities through training and exercises

How do I apply for the cybersecurity grant program?

The 56 state administrative agencies (SAAs) for U.S. states and territories are the only eligible applicants for SLCGP funding. Local governments are eligible subrecipients and must work with their state or territory’s SAA to apply for SLCGP funds.

Applicants generally need to develop and submit a plan outlining how they intend to use the funds to address cybersecurity risks and threats, and should demonstrate how they plan to sustain cybersecurity improvements after the grant period ends.

The process typically involves several steps:

• Submission of applications — Eligible entities submit their applications, including a detailed cybersecurity plan and budget.
• Review and award — Applications are reviewed, and grants are awarded based on criteria outlined in the Notice of Funding Opportunity (NOFO).
• Implementation and reporting — Grant recipients implement their proposed projects and periodically report on their progress and outcomes.

For each state or local government interested in applying for funding — contact your applicable SAA POC.

Fiscal planning and cost-sharing requirements

This program has a sliding cost-share match requirement that changes with each fiscal year, so planning and budgeting for shared costs is a key component to successfully leveraging these funds.

The cost share must be at the activity (i.e., project) level, and the cost share cannot be applied across multiple projects being implemented by the same entity. For a breakdown of cost shares by fiscal year, see below:

• FY 2022: 90%/10% federal/nonfederal
• FY 2023: 80%/20% federal/nonfederal
• FY 2024: 70%/30% federal/nonfederal
• FY 2025: 60%/40% federal/nonfederal

Each grant period of performance spans 48 months, so funds are still available for current, prior and future fiscal years.