How counties can access funds through the new State and Local Cybersecurity Grant Program

On September 16, the U.S. Department of Homeland Security (DHS) and Federal Emergency Management Agency (FEMA) announced a Notice of Funding Opportunity (NOFO) for the State and Local Cybersecurity Grant Program (SLCGP), which is funded by the Bipartisan Infrastructure Law (BIL). The SLCGP provides a total of $1 billion in funding over the next four years, with a total of $185 million available for Fiscal Year (FY) 2022, to support state and local efforts to address cyber risks to their information systems.
KEY POINTS
- The funds are appropriated to FEMA, with the Cybersecurity Infrastructure and Security Agency (CISA) being identified as the subject matter expert. While FEMA will handle administration, CISA will review and approve state-submitted plans, as well as serve as a resource for answering questions and guiding state and local governments through the process
- The funding that will be available to each state is determined by using a baseline allocation plus a population-based allocation formula. Specific state allocations were updated with minor changes on Oct 7 and can be found here
- 80% must be passed through to local entities within 45 days of a state’s receipt of funds
- 25% of a state’s total allocation must go to rural communities
- Each year will require a cost share or match, for which soft or in-kind expenses are eligible
WHAT CAN THE FUNDING BE USED FOR
The goal of the grant is to assist SLTT governments with managing and reducing systemic cyber risk. At a high level, funding requests can fall under four objectives. Specific eligible cyber areas are referenced in more detail under the plan requirements listed in the next section.
- Objective 1 - Governance & Planning – projects such as the development of the statewide plan
- Objective 2 - Assessment & Evaluation – projects such as cyber security assessments
- Objective 3 - Mitigation – projects such as MFA implementation, enhanced logging, enhancing end user protections, monitoring tools and training and education, elimination of unsupported/end of life software and hardware that are accessible from the internet, migrating to the .gov domain.
- Objective 4 - Workforce Development – identifying and mitigating gaps in the cybersecurity workforce, enhancing recruitment and retention efforts, and bolstering the knowledge, skills, and abilities of personnel
WHAT IS THE ELIGIBLE ENTITY ROLE (STATE ROLE)
To be awarded the funding, each State’s identified State Administrative Agency (SAA) will need to apply for the assistance funds. The state is also required to create a cyber security planning committee consisting of the following membership: the eligible entity, State CIO/CISO or equivalent, Local/counties (if eligible entity is a state), Representatives from varying densities, public education, and public health. 50% of members must have professional experience relating to cybersecurity or information technology. A full list of SAAs and their main contacts can be found here.
The planning committee will be responsible for creating the statewide cybersecurity plan, which must provide an assessment of 16 cyber-specific required elements and a list of projects being submitted for approval. The 16 required elements focus on a number of areas. Of particular note for county IT leaders are the following best practices and methodologies:
- Implement multi-factor authentication
- Implement enhanced logging
- Implement data encryption for data at rest and in transit
- End use of unsupported/end of life software and hardware that are accessible from the Internet
- Prohibit use of known/fixed/default passwords and credentials
- Ensure the ability to reconstitute systems (backups)
- Migrate to the .gov internet domain
WHAT IS THE COUNTY ROLE
While funding will come to the state and then be distributed to localities based on approved projects, counties represent an integral component. Counties should be assessing and developing strategies for improving cyber defenses. To that end, cross-boundary relationships are critical to the successful implementation of this funding.
- Contact your state association to share your priorities and encourage the state association to strengthen the relationship with the state CIO and CISO and even serve as the local county representative on the planning committee
- Contact your state CISO directly to offer assistance in providing input to the statewide cyber security plan
- Develop your strategy and project list of cyber priorities. Your county-specific plan should be forward-thinking and strategically planned over the next four years
- Join the NACo Tech Xchange if you are not already a member. This network of over 900 county IT Leaders serves as an interactive community where NACo posts relevant alerts and resources for counties and where counties share best practices and knowledge on technology topics including cyber
RESOURCES
- Grant Announcement (includes funding allocations by state)
- To contact CISA: SLCGPinfo@cisa.dhs.gov
- To contact FEMA: ASKCSID@fema.dhs.gov
- To contact NACo resources: Rita Reynolds rreynolds@naco.org
- Upcoming FEMA/CISA Outreach Calls to hear updates and ask questions. To register:
- Tuesday, October 18, 2022, | 3 – 4 p.m. EDT
- Tuesday, October 25, 2022, | 3 – 4 p.m. EDT
- Tuesday, November 1, 2022, | 3 – 4 p.m. EDT
- Tuesday, November 8, 2022, | 3 – 4 p.m. EST
Blog | 2022-10-14

About Rita Reynolds
Chief Information Officer
Rita serves as NACo's chief information officer. In this capacity, she oversees the internal technology operations of NACo, and leads NACo’s technology programs and initiatives for counties.