How counties can access funds through the new State and Local Cybersecurity Grant Program

On September 16, the U.S. Department of Homeland Security (DHS) and Federal Emergency Management Agency (FEMA) announced a Notice of Funding Opportunity (NOFO) for the State and Local Cybersecurity Grant Program (SLCGP), which is funded by the Bipartisan Infrastructure Law (BIL). The SLCGP provides a total of $1 billion in funding over the next four years, with a total of $185 million available for Fiscal Year (FY) 2022, to support state and local efforts to address cyber risks to their information systems.
KEY POINTS
- The funds are appropriated to FEMA, with the Cybersecurity and Infrastructure Security Agency (CISA) identified as the subject matter expert. While FEMA will handle administration, CISA will review and approve state-submitted plans, as well as serve as a resource for answering questions and guiding state and local governments through the process
- The funding that will be available to each state is determined by using a baseline allocation plus a population-based allocation formula. Specific state allocations were updated with minor changes on Oct 7 and can be found here
- 80% must be passed through to local entities within 45 days of a state’s receipt of funds
- 25% of a state’s total allocation must go to rural communities
- Each year will require a cost share or match, of which soft or in-kind expenses are eligible
WHAT CAN THE FUNDING BE USED FOR
The goal of the grant is to assist SLTT governments with managing and reducing systemic cyber risk. At a high level, funding requests can fall under four objectives. Specific eligible cyber areas are referenced in more detail under the plan requirements listed in the next section.
- Objective 1 - Governance & Planning – projects such as the development of the statewide plan
- Objective 2 - Assessment & Evaluation – projects such as cyber security assessments
- Objective 3 - Mitigation – projects such as MFA implementation, enhanced logging, enhancing end user protections, monitoring tools and training and education, elimination of unsupported/end of life software and hardware that are accessible from the internet, migrating to the .gov domain.
- Objective 4 - Workforce Development – identifying and mitigating gaps in the cybersecurity workforce, enhancing recruitment and retention efforts, and bolstering the knowledge, skills, and abilities of personnel
WHAT IS THE ELIGIBLE ENTITY ROLE (STATE ROLE)
To be awarded the funding, each state's identified State Administrative Agency (SAA) will need to apply for the assistance funds. The state is also required to create a cyber security planning committee with the following membership: the eligible entity, the state CIO/CISO or equivalent, local/county governments (if the eligible entity is a state), and representatives from areas of varying densities, public education, and public health. 50% of members must have professional experience relating to cybersecurity or information technology. A full list of SAAs and their main contacts can be found here.
The planning committee will be responsible for creating the statewide cybersecurity plan, which must provide an assessment of 16 cyber-specific required elements and a list of projects being submitted for approval. The 16 required elements focus on a number of areas. Of particular note for county IT leaders are the following best practices and methodologies:
- Implement multi-factor authentication
- Implement enhanced logging
- Implement data encryption for data at rest and in transit
- End use of unsupported/end of life software and hardware that are accessible from the Internet
- Prohibit use of known/fixed/default passwords and credentials
- Ensure the ability to reconstitute systems (backups)
- Migrate to the .gov internet domain
WHAT IS THE COUNTY ROLE
While funding will come to the state and then be distributed to localities based on approved projects, counties represent an integral component. Counties should be assessing and developing strategies for improving cyber defenses. To that end, cross-boundary relationships are critical to the successful implementation of this funding.
- Contact your state association to share your priorities and encourage the state association to strengthen the relationship with the state CIO and CISO and even serve as the local county representative on the planning committee
- Contact your state CISO directly to offer assistance in providing input to the statewide cyber security plan
- Develop your strategy and project list of cyber priorities. Your county-specific plan should be forward-thinking and strategically planned over the next four years
- Join the NACo Tech Xchange if you are not already a member. This network of over 900 county IT leaders serves as an interactive community where NACo posts relevant alerts and resources for counties and where counties share best practices and knowledge on technology topics including cyber
RESOURCES
- Grant Announcement (includes funding allocations by state)
- To contact CISA: SLCGPinfo@cisa.dhs.gov
- To contact FEMA: ASKCSID@fema.dhs.gov
- To contact NACo resources: Rita Reynolds rreynolds@naco.org
- Upcoming FEMA/CISA Outreach Calls to hear updates and ask questions. To register:
  - Tuesday, October 18, 2022 | 3 – 4 p.m. EDT
  - Tuesday, October 25, 2022 | 3 – 4 p.m. EDT
  - Tuesday, November 1, 2022 | 3 – 4 p.m. EDT
  - Tuesday, November 8, 2022 | 3 – 4 p.m. EST
Blog, 2022-10-14

About Rita Reynolds
Chief Information Officer
Rita serves as NACo's chief information officer. In this capacity, she oversees the internal technology operations of NACo, and leads NACo’s technology programs and initiatives for counties.