FEMA Just Opened $1.5 Billion in Anti-Terrorism Grants — and Quietly Moved the Burden of Homeland Security Onto Local Governments. Here Is How the Nine Programs Split, Who Competes for Each, and Why the July 24 Deadlines Are Only Half the Story
July 10, 2026 · 6 min read
Granted Research Team · Editorial policy
On June 24, 2026, FEMA published a stack of Notices of Funding Opportunity totaling more than $1.5 billion — a coordinated release of the federal government's preparedness grants aimed at preventing terrorism, hardening critical infrastructure, and protecting the crowded public spaces where mass-casualty attacks happen. The press release framed it as empowering communities "to prevent terrorism and protect American infrastructure." That is accurate, but it undersells the more consequential shift buried in the fine print: the federal government is increasingly positioning state, local, tribal, and nonprofit applicants as the front line of homeland security, and the money now flows almost entirely through state pass-through agencies rather than from Washington directly.
For any agency, city, transit authority, or nonprofit that has ever considered a security-hardening project, this is the single largest coordinated funding window of the summer. But the deadlines — most clustering around July 24, 2026 at the federal level — are only half the story. The other half is the pass-through structure that decides whether your application ever reaches FEMA at all. We covered the resilience side of FEMA's portfolio in our analysis of the July 8 $584 million recovery package; this is the security side, and it operates on entirely different rules.
The $1.5 billion, broken into three tiers
The June 24 release is not one grant. It is roughly nine distinct programs bundled into a single announcement, and they reward completely different applicants. Understanding which tier you belong to is the first strategic decision.
Tier 1 — The Homeland Security Grant Program (HSGP): more than $1 billion
HSGP is the anchor. It bundles three sub-programs, all administered through State Administrative Agencies (SAAs):
- State Homeland Security Program (SHSP). Formula-plus-competitive funding to every state and territory to build and sustain core preparedness capabilities — planning, equipment, training, and exercises tied to the national priority areas.
- Urban Area Security Initiative (UASI). Targeted funding to the highest-risk metropolitan regions, allocated by a risk methodology that weighs population density, critical infrastructure, and threat. If your jurisdiction is inside a designated UASI region, this is a materially larger pool than SHSP.
- Operation Stonegarden. Funding for law-enforcement agencies operating in border regions to support joint border-security operations.
For FY2026, FEMA named its priority areas explicitly: improving coordination among law-enforcement agencies, strengthening the cybersecurity of critical infrastructure, protecting the integrity of American elections, supporting border-security efforts, and enhancing the protection of crowded spaces such as concerts and parades. Those five priorities are not decoration — they are the scoring rubric. A project that maps cleanly onto one of them competes; a project that does not, does not.
Tier 2 — The Nonprofit Security Grant Program (NSGP): $300 million
NSGP is the program most relevant to the nonprofit sector Granted serves, and it received $300 million for FY2026, split evenly:
- $150 million — NSGP-UA, for eligible nonprofits located inside designated major urban areas.
- $150 million — NSGP-S, for eligible nonprofits everywhere else, applied for through a state-level competition.
Eligible nonprofits — houses of worship, community centers, schools, cultural institutions, and others at high risk of terrorist or extremist attack — can request up to $200,000 per site, and up to three sites for a maximum of $600,000 per organization. The money pays for target hardening: reinforced doors and windows, blast-resistant film, access control, security cameras and video-management systems, lighting, and physical barriers. We published a dedicated tactical guide to this program — the NSGP investment-justification playbook for houses of worship — because it is the FEMA program that trips up first-time applicants most reliably.
Tier 3 — The infrastructure-protection programs: more than $500 million
FEMA layered on more than $500 million across six additional programs protecting specific critical systems: houses of worship, port authorities, transit systems, Amtrak, intercity bus operators, and tribal and territorial government facilities. These include the Transit Security Grant Program, the Port Security Grant Program, the Intercity Passenger Rail (Amtrak) program, and the Intercity Bus Security Grant Program. Each has a narrow eligibility gate — you generally must operate the infrastructure in question — but for those who qualify, the competition is far thinner than the marquee HSGP pool.
The structural truth: you almost never apply to FEMA
Here is the trap that costs applicants a full cycle every year. With the exception of a handful of the Tier 3 infrastructure programs, you do not apply to FEMA directly. FEMA passes homeland-security money to each state's SAA — the state homeland-security or emergency-management office — and the SAA runs the competition, sets its own earlier deadline, and forwards a ranked slate of applications up to FEMA.
This means the July 24 federal deadline is frequently irrelevant to you. Your real deadline is whatever your SAA sets, and those deadlines vary by weeks from state to state. For NSGP in particular, several states' FY2026 windows had already closed by early July, while others remained open — Ohio's nonprofit deadline, for example, landed at noon Eastern on July 10, 2026, two full weeks ahead of the federal date. If you wait to see the FEMA press release before acting, you have in many states already missed the window.
The action item is unambiguous: find your State Administrative Agency's specific deadline today, not the federal one. A single web search for your state's name plus "State Administrative Agency NSGP" or "SHSP" will surface the office and its calendar. That call is worth more than any amount of proposal polish.
Why the "burden shift" matters strategically
Read across all nine programs and a pattern emerges. The federal government is funding capability at the local level — coordination, cyber-hardening, election security, crowded-space protection — rather than running these functions itself. Analysts covering the release framed it as local governments "assuming a larger security role." For applicants, that shift has two implications.
First, the priorities are now the whole game. A camera-and-doors project that would have scored fine three years ago competes poorly today unless it is explicitly tied to a named threat and one of the five FY2026 priority areas. Your investment justification must lead with risk — a documented threat, a vulnerability assessment, and a consequence analysis — not with a shopping list.
Second — and this is the durable lesson — the agencies and nonprofits that win are the ones with a standing relationship to their SAA. The pass-through model rewards organizations that are known quantities: they have a current vulnerability assessment on file, they attended the state's applicant webinar, and they submitted a clean investment justification last cycle even if they did not win. The grant is competitive, but the competition is decided months before the deadline.
The strategy, in five moves
- Identify your tier and your program. Law-enforcement agency in a border county? Stonegarden and SHSP. Nonprofit at risk of attack? NSGP. Transit authority or port? The Tier 3 infrastructure programs. Do not spread a thin application across programs you half-qualify for.
- Call your State Administrative Agency this week. Get the real deadline, the state-specific application portal, and the name of the program contact. The federal July 24 date is a ceiling, not your date.
- Lead every application with a threat and vulnerability assessment. Many states, and NSGP specifically, expect or reward a formal assessment. If you do not have one, a documented walk-through by local law enforcement or a qualified security professional is the minimum.
- Map explicitly to a FY2026 priority. Name it. "This project strengthens the cybersecurity of critical infrastructure" or "this hardens a crowded public space" should appear in your first paragraph, in the reviewers' language.
- Build for next year even if you miss this one. If your state's window has closed, use the remaining summer to complete your hazard-mitigation plan, commission your vulnerability assessment, and introduce yourself to the SAA. The applicants who win FY2027 are being made right now.
The bottom line
FEMA's $1.5 billion June 24 release is real money, broadly available, and pointed at exactly the kinds of security projects that state agencies, cities, transit systems, and nonprofits routinely defer for lack of funds. But it is gated by a pass-through structure that quietly moves the deadline — and the decision — to your state. The organizations that treat "call the SAA" as the first task, not the last, are the ones that turn a national headline into a funded project. Everyone else reads the press release, notes the July 24 date, and discovers in August that their state closed the window in June.
Granted tracks federal, state, and foundation deadlines — including the state-level pass-through windows that FEMA's national announcements never mention — and matches them to your organization's eligibility. Start with your funder and eligibility profile to see which of these programs you can actually compete for.