Cybersecurity Grants is sponsored by Virginia Department of Education. Offers grants to Virginia public schools for purchasing qualifying security equipment to enhance student safety.

Cybersecurity Grants | Virginia IT Agency State and Local Cybersecurity Grant Program (SLCGP)​ On Sept. 16, 2022, the Department of Homeland Security (DHS) announced a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country.

​​​ VITA, in partnership with the State Administrative Agency (SAA) for the Commonwealth, the Virginia Department of Emergency Management, has applied and been approved for all available program years.

​ ​Virginia participation in the SLCGP is focused on:​ Achieving improvements for as many qualified entities as possible​ These two focus areas resulted in a program design that:​ Provides opportunities for qualified entities to participate without taking on the burden of federal grant management requirements​ Creates project execution types that provide the resources needed to implement and maintain improvements for qualified entities that may not have the staff to support​ Involves applications that are relatively simple​ While Virginia's approach to the SLCGP is different from many grant programs, it remains dedicated to managing and reducing systemic cyber risk through the objectives outlined in SLCGP Notices of Funding Opportunity.

​ For more information on the federal SLCGP program , visit https://www. cisa. gov/cybergrants/slcgp .

​ Virginia Cybersecurity Planning Committee (VCPC)​ The VCPC, a requirement of the SLCGP, is comprised of cybersecurity and IT leaders from state and local government, and the private sector. All VCPC members are appointed by Governor Youngkin. The VCPC is responsible for creating and maintaining Virginia’s Cybersecurity Plan.

They also assist with determining funding priorities and aligning investments with closing capability gaps or sustaining capabilities. Infrastructure Investment and Jobs Act (IIJA), Pub. L.

No. 117-58, § 70612 2021 Item 93(F) of Virginia's 2022 Appropriation Act VCPC Electronic Participation Policy Virginia's statewide cybersecurity plan , created by the VCPC, represents a continued commitment to improving and supporting a whole of state approach to cybersecurity. The plan also meets the requirement of the current U.S. Department of Homeland Security guidelines for the SLCGP.

​ The Cybersecurity Plan includes actionable and measurable goals and objectives focused on: inventory and control of technology assets, software and data, threat monitoring, threat protection and prevention, data recovery and continuity, and understanding an organization’s cybersecurity maturity level.

They are designed to support the Commonwealth in planning for effective security technologies and navigating the ever-changing cybersecurity landscape. ​ Cybersecurity Plan Vision for Improving Cybersecurity​ Create a cybersecurity ecosystem supporting a whole of state approach for state and local governments to safeguard critical infrastructure, protect Virginians’ data, and ensure the continuity of essential services.

​ Cybersecurity Plan Mission​ View the 2022 Virginia Cybersecurity Plan . ​ Each program year of the SLCGP requires a cost share: This cost share is required for all spending from the grant, whether for local passthrough grants, statewide projects or management and administration. ​ In 2022, the Virginia General Assembly appropriated state cost share funds of more than $4.

9 million . These funds are being used to minimize and/or eliminate the need for qualified entities to provide cost share funds to participate in SLCGP projects.

Cyber threat indicator information sharing - funding a security operations center Management and administration - funding to provide for the administration, oversight and compliance of the grant award Cybersecurity Plan Capability Assessment Project - funding to conduct baseline assessments against the state-wide cybersecurity plan program objectives FAQs: State and Local Cybersecurity Grant Program To learn more about the State and Local Cybersecurity Grant Program (SLCGP), visit frequently asked questions (FAQs).

Join the VDEM listserv for this grant: Visit Virginia Department of Emergency Management (govdelivery. com) , enter your email address, and then select the "State and Local Cybersecurity Grants Program" from the list (near the bottom). All notifications and reminders for grant applications will be shared via this email list.

Attend a Virginia Cybersecurity Planning Committee (VCPC) meeting or review past meeting materials: VCPC meetings provide the public venue for oversight of the SLCGP, where attendees learn more about the strategic direction of the program. Visit Virginia Regulatory Town Hall - Meetings to view past meeting materials and see upcoming meeting dates, times, locations and electronic access information. Contact the cybercommittee@vita.

virginia.

gov with any questions State and Local Cybersecurity Grant Program (SLCGP) FAQs last updated : February 20, 2026 In the Bipartisan Infrastructure Law, also known as the Infrastructure Investment and Jobs Act (IIJA), Congress established the State and Local Cybersecurity Grant Program (SLCGP) to “award grants to eligible entities to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local, or tribal governments.

” What is the purpose of the SLCGP? The SLCGP provides funding to state, local, tribal and territorial (SLTT) governments to address cybersecurity risks and cybersecurity threats to SLTT-owned or operated information systems. All requirements and program guidance are established in the notice of funding opportunity (NOFO).

The overarching goal of the program is to assist SLTT governments in managing and reducing systemic cyber risks. To accomplish this, CISA has established four discrete, but interrelated objectives: Governance and planning: Develop and establish appropriate governance structures, as well as plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations.

Assessment and evaluation: Identify areas for improvement in SLTT cybersecurity posture based on continuous testing, evaluation, and structured assessments. Mitigation: Implement security protections commensurate with risk (outcomes of Objectives 1 and 2), using the best practices as described in element 5 of the required 16 elements of the cybersecurity plans and those further listed in the NOFO.

Workforce development: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with their responsibilities as suggested in the National Initiative for Cybersecurity Education. How many years of appropriations were authorized for the SLCGP? A total of 4 years of funding were appropriated for the SLCGP.

The funding began in federal fiscal year (FFY) 2022 and goes through FFY2025. Each funding year has a period of performance of 48 months. How are the federal funds allocated, applied for and distributed?

State Administrative Agencies (SAAs) for states and territories are the only eligible applicants for the federal grant funds. In Virginia, local governments will work with the Virginia Cybersecurity Planning Committee to receive subawards. What is the Virginia Cybersecurity Planning Committee?

The Virginia Cybersecurity Planning Committee (VCPC) was created and has the authority to adopt a charter and bylaws pursuant to the Infrastructure Investment and Jobs Act (IIJA), Pub. L. No. 117- 58, § 70612 (2021), and Item 93(F) of Virginia’s 2022 Appropriation Act.

VCPC is constituted under the IIJA and Item 93 as a “planning committee.

” As a “planning committee,” VCPC is specifically charged with: Assisting with the development, implementation, and revision of the Cybersecurity Plan; Approving the Cybersecurity Plan; Assisting with the determination of effective funding priorities; Coordinating with other committees and like entities with the goal of maximizing coordination and reducing duplication of effort; Creating a cohesive planning network that builds and implements cybersecurity preparedness initiatives using FEMA resources, as well as other federal, SLT, private sector, and faith-based community resources; Ensuring investments support closing capability gaps or sustaining capabilities; and Ensuring local government members, including representatives from counties, cities, and towns within the eligible entity provide consent on behalf of all local entities across the eligible entity for services, capabilities, or activities provided by the eligible entity through this program.

The VCPC is not permitted to make decisions relating to information systems owned or operated by, or on behalf of, the state. What funding priorities and associated projects has the VCPC approved so far? The following projects were approved by the VCPC and will be implemented using SLCGP program year 1 funding: Management and administration – Funding to provide for the administration, oversight and compliance of the grant award.

Cyber threat indicator information sharing – Funding to establish a Virginia Information Sharing and Analysis Center (VA-ISAC). Cybersecurity plan and assessments – Funding to establish the Virginia Cybersecurity Plan and complete a cybersecurity plan capability assessment.

*Application window now closed* Cybersecurity plan – Funding to conduct baseline assessments against the state-wide cybersecurity plan program objectives What is the Virginia Cybersecurity Plan? Virginia's statewide cybersecurity plan , created by the VCPC, represents a continued commitment to improving and supporting a whole of state approach to cybersecurity.

The plan also meets the requirement of the current U.S. Department of Homeland Security guidelines for the SLCGP. ​ The Cybersecurity Plan includes actionable and measurable goals and objectives focused on: inventory and control of technology assets, software and data, threat monitoring, threat protection and prevention, data recovery and continuity, and understanding an organization’s cybersecurity maturity level.

They are designed to support the Commonwealth in planning for effective security technologies and navigating the ever-changing cybersecurity landscape. ​ Cybersecurity Plan Vision for Improving Cybersecurity ​ Create a cybersecurity ecosystem supporting a whole of state approach for state and local governments to safeguard critical infrastructure, protect Virginians’ data, and ensure the continuity of essential services.

​ Cybersecurity Plan Mission ​ View the Cybersecurity Plan ​ Who is eligible for grant funding through this program? Eligible applications for this program must meet the definition of “local government” as defined in 6 U.S.C.

§ 101(13): County, municipality, city, town, township, local public authority, school district, special district, intrastate district, council of governments (regardless of whether the council of governments is incorporated as a nonprofit corporation under State law), regional or interstate government entity, or agency or instrumentality of a local government A public educational institution (e.g., elementary school, secondary school, or institution of higher education) is generally eligible to receive assistance under SLCGP if it is an agency or instrumentality of a state or local government under state and/or local law.

Federally recognized tribe or authorized tribal organization Rural community, unincorporated town or village, or other public entity. Ineligible applicants include: Nonprofit organizations; and Private Educational Institutions A private educational institution would not be eligible to receive SLCGP assistance because it is not an agency or instrumentality of a state or local government.

“Assistance” means either funding, non-funding assistance (i.e., items, services, capabilities, or activities), or a combination of both. The eligibility of charter schools depends on the function of the charter school – it will be eligible if, and only if, it is an agency or an instrumentality of the state or local government. This will be a determination for VITA and VDEM to make, based on state or local law.

If you have questions or feel your jurisdiction needs help meeting any of the grant requirements, please contact cybercommittee@vita. virginia. gov .

Where can I learn more about this program? For more information about the federal grant program, visit: State and Local Cybersecurity Grant Program | CISA . For more information about Virginia’s program, visit: Grant Programs | Virginia IT Agency .

Why is a local consent agreement (LCA) needed for some grants/projects? The SLCGP seeks to bring state and local government together to improve cybersecurity and therefore balances roles and authorities. For example, the SLCGP allows grants only to states and mandates statewide cybersecurity plans but also requires 80% of the grant funding be used to benefit localities.

The SLCGP encourages shared services but also requires LCAs when a state will provide items, services, capabilities, and activities in lieu of subgrants of funding (unless state law authorizes the state to decide for localities). For this assessments project, Virginia is undertaking all of the grant administration and matching funding obligations and providing services (an assessment) to each participating entity.

Accordingly, participating entities need to submit both an application and a LCA. What type of project execution types will be available during phase 2? A project execution type is a way of completing work associated with the above project areas.

These project execution types were designed with the intention of keeping things as simple as possible for local governments and other qualified entities.

You'll submit one application for each project area, and within that application, you'll choose from the following project execution types:​​ Additional license purchase only Already have the necessary tools and software Need more licenses to fully cover your environment Want to leverage buying power, when possible Want VITA to manage SLCGP grant requirements, reporting, etc. Need additional funding to purchase the software and/or service Have the staff, expertise and time to install, set up and maintain the software Want to leverage buying power, when possible Want VITA to manage SLCGP grant requirements, reporting, etc. Need assistance with purchasing licenses, installing and setting up the software and/or service Have the staff, expertise and time to maintain the software Want to leverage buying power, when possible Want VITA to manage SLCGP grant requirements, reporting, etc. Need assistance with both implementation and maintenance of software and/or service Want to leverage buying power, when possible Want VITA to manage SLCGP grant requirements, reporting, etc. Pass-through funding project Have your own unique project to address improving the selected project area Are able to pay for project expenses and submit requests for reimbursements from the SLCGP Are able to submit necessary reports and satisfy all other SLCGP requirements for subgrantees What decision criteria will be used to approve my application for phase 2?

Application decision criteria: Whether your organization meets the subrecipient eligibility criteria listed above Participation in the Cybersecurity Plan Capability Assessment -or- completion of an equivalent assessment Alignment of your organization's resources to support the project area and project execution type selected.

For example, if you choose Firewall Implementation Only , your organization should have the knowledge, skills, and ability to maintain the firewall software once it is implemented. Decisions throughout the SLCGP are focused on maximizing improvements to cybersecurity capabilities across the Commonwealth while complying with grant program requirements, such as the required set aside for rural localities.