State and Local Cybersecurity Grant Program (SLCGP)

In the Bipartisan Infrastructure Law, also known as the Infrastructure Investment and Jobs Act (IIJA), Congress established the State and Local Cybersecurity Grant Program (SLCGP) to “award grants to eligible entities* to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local, or tribal governments.” Within the U.S. Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) are implementing this authority through two grant programs:

The SLCGP allows only state and territory State Administrative Agencies (SAAs) to apply for grant funding. Under SLCGP, states and territories are the only eligible entities. Local and tribal governments are eligible subrecipients under this program.

In the first year, the focus is on establishing a strong foundation on which to build a sustainable cybersecurity program. Initial priorities include the following, all of which are statutory conditions for receiving a grant:

• Establish a Cybersecurity Planning Committee that can lead entity-wide efforts. 
• Develop a Cybersecurity Plan that addresses the entire jurisdiction and incorporates cybersecurity best practices.
• Conduct assessments and evaluations to identify gaps that can be mitigated by individual projects throughout the life of the grant program.