Cybersecurity Grant Program

Through the Infrastructure Investment and Jobs Act (IIJA) of 2021, Congress established the State and Local Cybersecurity Improvement Act, which established the State and Local Cybersecurity Grant Program (SLCGP), appropriating $1 billion to be awarded over four years.

Funding for each state is calculated using a formula determined by the federal Cybersecurity and Infrastructure Security Agency (CISA). Georgia expects to receive almost $5 million for FY 2022. The grant requires matching funds, set at 10% for FY 2022 and increasing to 40% by FY 2025.

For states, a majority of grant funding is focused on local government cybersecurity:

  • At least 80% of grant funds must benefit local governments.
  • Of that 80% share, at least 25% must benefit rural areas.

These requirements can be met using a direct passthrough of funds and/or, with their consent, spent on cyber capabilities provided on behalf of local governments.

Grant funds can be used to meet four objectives:

  1. Develop and establish appropriate governance structures, including developing, implementing, or revising cybersecurity plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations.
  2. Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
  3. Implement security protections commensurate with risk.
  4. Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility.

Applying for FY 2023 Cybersecurity Grant Funds

CISA announced the above SLCGP goals and objectives for FY 2023. During FY 2022, applicants were encouraged to focus on the first objective. In FY 2023, applicants must address the other program objectives, two, three, and four.

While not required, CISA strongly recommends:

  • Prioritizing projects that address critical infrastructure cybersecurity. State, local, and tribal (SLT) entities are strongly encouraged to include projects related to K - 12 education, water/wastewater, healthcare, energy, defense, and elections infrastructure.
  • Strongly encouraging Cybersecurity Planning Committee membership from critical infrastructure sectors and sub-sectors, including K - 12 education, water/wastewater, healthcare, energy, defense, and elections infrastructure.

EM Grant Application Now Open

The Emergency Management (EM) Grant is now open for application for the FY 2022 project funds. All entities who submitted projects in 2022 should go to the EM Grant portal to create an account and follow the directions to apply for funding. Use the below attachments for a step-by-step guide and contact information for further assistance.

State Cybersecurity Grant Program Plan Timeline
April 24, 2023 State Cybersecurity Grant Program plan submitted.
May 22, 2023 CISA approves state plan.
TBD Funds release.
June 2023 FEMA and CISA conduct pre-NOFO (notice of funding opportunity) release webinars to inform applicants of FY-2023 program updates.
July 11, 2023 FY 2023 Download this pdf file. NOFO release.
September 12, 2023 Application submission deadline.
November 30, 2023 Anticipated award date.
December 1, 2023 Projected period of performance start date.
November 30, 2027 Projected period of performance end date.

Additional information will be posted as it becomes available.

Cybersecurity Grant Program Resources

Below are resources local governments may find useful in preparing their submissions:

Updated November 20, 2023