Cybersecurity Grant Opportunties for State and Local Public Entities

Resiliency, Protection, Peace-of-Mind

Have Questions? Contact Us Today!


Cybersecurity grants for state and local public entities help address modern technical risks, securing data and enhancing infrastructure resiliency. To fortify the digital defenses of states and territories in the United States, the State and Local Cybersecurity Grant Program (SLCGP) has emerged as a pivotal initiative. The program offers substantial funding opportunities to eligible participants, with consultants such as Berquist Recovery Consulting aiding applicants in streamlining the application and grant management processes.

Glasses sitting in front of a computer screen that displays code.

Understanding the State & Local Cybersecurity Grant Program

The primary objective of the SLCGP cybersecurity grant program is to empower states, territories, and local communities, with a particular focus on rural areas, to effectively address cybersecurity risks and threats. Jointly administered by the Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA), the program aims to enhance the security of critical infrastructure and bolster the resilience of services provided by state, local, tribal, and territorial (SLTT) government agencies.

Structural utilities for cyber transmission of data.

Goals & Objectives

The SLCGP’s overarching goals align with national priorities around reducing cybersecurity threats. These objectives include:

  • Implementing Cyber Governance and Planning: Establishing robust cyber governance structures and comprehensive planning mechanisms.
  • Assessing and Evaluating Systems: Conducting thorough assessments and evaluations of information systems and cybersecurity capabilities.
  • Mitigating Prioritized Issues: Addressing and mitigating high-priority cybersecurity issues identified through assessments.
  • Building a Cybersecurity Workforce: Fostering the development of a skilled and capable cybersecurity workforce to combat evolving threats.

Eligibility & Pass-Through Requirements

All 56 states and territories, encompassing the District of Columbia, the Commonwealth of Puerto Rico, the U.S. Virgin Islands, Guam, American Samoa, and the Commonwealth of the Northern Mariana Islands, are eligible to apply for SLCGP funds. However, the application process is facilitated exclusively through the Governor-designated SLCGP State Administrative Agency (SAA). A critical aspect of the program is the pass-through requirement, mandating that at least 80% of the federal funds must be passed on to local governments, with 25% dedicated to rural entities.

The pass-through process involves a firm written commitment from the SAA, unconditional support, documentation of the commitment, and communication of award terms to local subrecipients. This mechanism ensures that funds flow efficiently to the entities on the front lines of cybersecurity challenges.

Funding Allocation

The funding allocation to each state and territory is determined by a statutory formula, ensuring a fair distribution of resources. The funding structure includes a base level for each entity, with additional funds based on a combination of state and rural population totals. Importantly, 80% of the total state or territory allocations must support local entities, while 25% is specifically designated to support rural entities.

Multi-Entity Projects & Cost-Share Requirements

The SLCGP acknowledges the collaborative nature of addressing cybersecurity threats and allows multiple eligible entities to form groups. However, there is no separate funding for multi-entity projects; instead, they are considered group projects where each member contributes a predefined funding amount from their SLCGP award. Cost-sharing is a vital aspect of the program, with eligible entities required to meet a 20% cost-share, except for multi-entity projects, which have a 10% cost-share.

Application Process & Timeline

Applying for an award under the SLCGP involves a multi-step process. Early registration is encouraged, as it can take four weeks or more to complete. Eligible applicants should submit their initial application through at least one week before the final submission deadline. Once notified by FEMA, the complete application package must be submitted in the Non-Disaster (ND) Grants System by the application deadline.

Each eligible entity is required to meet the following criteria (per FEMA):

  1. Submit a Cybersecurity Plan, Cybersecurity Planning Committee Membership List and a Cybersecurity Charter that aligns with the criteria detailed in the FEMA notice of funding opportunity (NOFO), unless the applicant has a CISA-approved Cybersecurity Plan, Committee Membership List and Charter.
  2. FEMA will not release funds to a recipient until CISA approves the entity’s Cybersecurity Plan; and
  3. Details on the requirements for the Cybersecurity Plan, Committee Membership List and Charter can be found in Appendix A – C of the funding notice.
Entity Type Eligible?
County or Parish Government Yes
Municipality, city, town, township Yes
Local public authority Yes
Public school district Yes
Charter or private school No
Special district or Intrastate district Yes
Council of governments Yes
Indian tribe or authorized tribal organization, Alaska Native village or Alaska Regional Native Corporation* Yes
A rural community, unincorporated town or village, or other public entity Yes
Nonprofit organizations No
Private corporations No

*Additional rules & restrictions may apply.

Application Support

Consulting firms like BRC help you craft thorough, effective grant applications based on the unique needs and risks of your entity. We’ll help you maximize funding opportunities and then ensure compliance with program requirements and documentation standards. Our expertise helps you avoid compliance pitfalls, reducing the risk of delays or future de-obligations or repayments. We guide you in optimizing your cybersecurity grant application requests, enabling you to secure the financial assistance required for more effective cybersecurity.

Two computer screens side by side displaying code.


The State and Local Cybersecurity Grant Program stands as a cornerstone in fortifying the cybersecurity posture of states, territories, and local communities. Its robust funding structure, clear objectives focused on enhancing digital security, and emphasis on collaboration make it a pivotal initiative in the nation’s cybersecurity strategy. With the guidance and support of consultants like Berquist Recovery Consulting, entities can navigate the complexities of the application and grant management processes, ensuring that cybersecurity resources are deployed effectively and efficiently to safeguard critical infrastructure and services.