State and Local Cybersecurity Grant Program (SLCGP) is sponsored by U.S. Department of Homeland Security (DHS) through the Federal Emergency Management Agency (FEMA). Established by the Infrastructure Investment and Jobs Act of 2021, the State and Local Cybersecurity Grant Program (SLCGP) provides funding to states and territories to address cybersecurity risks and threats to information systems.

State and Local Cybersecurity Grant Program | CISA no-cost Cyber Services Secure by design Secure Your Business Shields Up Report A Cyber Issue State and Local Cybersecurity Grant Program DHS Announces $91.

7 million in Grant Funding for the Fiscal year 2025 State and Local Cybersecurity Grant Program On September 16, 2022, the Department of Homeland Security (DHS) announced a first-of-its-kind cybersecurity grant program specifically for state, local, tribal, and territorial (SLTT) governments across the country. Our nation faces unprecedented threats to the homeland from increasingly sophisticated criminal groups and nation-state actors.

SLTT entities stand at the forefront of cyber defense. Their partnership with DHS includes enforcing laws, assisting the federal government in securing cyberspace, and dismantling transnational criminal organizations.

Cybersecurity threats, including ransomware intrusions, and widespread software vulnerabilities affecting SLTT systems and critical infrastructure are increasingly exploited by malicious actors, operating both domestically and abroad. On August 1, 2025, DHS announced an additional $12. 1 million of awards through the TCGP.

Learn more about this program on our TCGP page: Tribal Cybersecurity Grant Program | CISA . Read about the authorization for SLCGP Congress established the State and Local Cybersecurity Grant Program and appropriated $1 billion for the program to be distributed over four years.

These entities face unique challenges that could limit their participation in critical homeland security missions and are at varying levels of preparedness in defending against increasingly sophisticated and ever-changing cyber threats.

DHS, through the Cybersecurity and Infrastructure Security Agency (CISA) in coordination with the Federal Emergency Management Agency (FEMA), is taking steps to help stakeholders across the country understand the severity of their unique local cyber threats and cultivate partnerships to reduce related risks across the SLT enterprise. Read below or print the SLCGP Fact Sheet and Frequently Asked Questions .

FY 2025 Notice of Funding Opportunity . Read the U.S. Department of Homeland Security's press release announcing the cyber grant in its fourth year: DHS Announces Additional $91. 7 Million in Funding to Boost State, Local Cybersecurity Release Date: August 1st, 2025 Read: How will the SLCGP be administered?

DHS will implement the SLCGP through CISA and the FEMA. While CISA will serve as the program management subject-matter expert in cybersecurity related issues, FEMA will provide grant administration and oversight for appropriated funds, including award and allocation of funds to eligible entities, financial management, and oversight of funds execution.

The program is designed to allocate funding to the most vulnerable and least mature cyber entities: local governments. States and territories will use their State Administrative Agencies (SAAs) to receive SLCGP funds from the federal government and then distribute at least 80% of the funding to local governments in accordance with state law, procedures, and federal legislative requirements.

This is the same way in which funding is distributed to local governments in the Homeland Security Grant Program administered by FEMA. Application Process and Timeline DHS issued the latest SLCGP Notice of Funding Opportunity (NOFO) in August 2025. The NOFO includes all requirements and details, including information on funding eligibility for states and territories.

The established SAA for states and territories will be the only entities that can apply for grant awards under the SLCGP, with local entities receiving sub-awards through states. The legislation requires states to distribute at least 80% of funds to local governments, with a minimum of 25% of the allocated funds distributed to rural areas. Eligible entities can apply via the FEMA Grant Outcomes (FEMA GO) System .

To be eligible for FY 2024 SLCGP funding, each eligible entity is required to fulfill the FY 2022 NOFO requirements. Applications may include a completed or revised Cybersecurity Plan (if applicable), capabilities assessment, and individual projects approved by the Cybersecurity Planning Committee and Chief Information Officer (CIO), Chief Information Security Officer (CISO), or equivalent.

CISA and FEMA will review each submission, then CISA will work with states and territories to address any missing content and/or approve final or revised Cybersecurity Plans and individual projects. This year one requirement must be completed and submitted before states and territories are eligible for year four funds.

Once approved, FEMA will remove any holds placed on funding and eligible entities can execute projects and make sub-awards. Key Requirement: Assessments and Evaluations Applicants must conduct assessments and evaluations that provide a basis for individual projects throughout the life of the program. This requirement is intended to help eligible entities understand their current cybersecurity posture and areas for improvement.

Key Requirement: Cybersecurity Best Practices As states, territories, and local entities increase their cybersecurity maturity, CISA recommends they move toward implementing more advanced best practices.

To assist in the development and revision of SLT cyber planning efforts, the following Cybersecurity Best Practices are provided in the NOFO: Implement multifactor authentication Use data encryption for data at rest and in transit End the use of unsupported/end of life software and hardware that are accessible from the internet Prohibit use of known/fixed/default passwords and credentials Ensure the ability to reconstitute systems (backups) Actively engage in rapid bidirectional sharing between CISA and SLT entities to drive down cyber risk Migrate to the .

gov internet domain CISA's Cybersecurity Performance Goals (CPGs) are a prioritized subset of information technology and operational technology cybersecurity practices aimed at meaningfully reducing risks to both critical infrastructure operations and the American people.

The CPGs help establish a common set of fundamental cybersecurity practices for critical infrastructure that recipients should aim to implement to ensure a strong cybersecurity risk posture. The resources committed through the FY 2024 SLCGP will assist SLT entities in implementing the cyber baselines outlined in CISA's CPGs, as well as enhance CISA's visibility into the challenges entities may face in executing these practices.

Key Requirement: Cybersecurity Plan The Cybersecurity Plan is a statewide strategic document that must be approved by the Cybersecurity Planning Committee and the entity's CIO/CISO or equivalent individual. All applicants must resubmit their approved Cybersecurity Plan (revised, if needed) no later than January 30, 2026.

It must contain the following components: Incorporate, to the extent practicable, any existing plans to protect against cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local and tribal governments. How input and feedback from local governments and associations of local governments was incorporated.

Include all of the specific required elements Describe, as appropriate and to the extent practicable, the individual responsibilities of the state and local governments within the state in implementing the Cybersecurity Plan. Assess each of the required elements from an entity-wide perspective. Outline, to the extent practicable, the necessary resources and a timeline for implementing the plan.

Summary of associated projects. Metrics that the eligible entity will use to measure progress. See link to the Cybersecurity Plan Template under Tools and Resources.

Fact Sheets & Program Guidance State and Local Cybersecurity Grant Program Fact Sheet FY 2025 Key Changes Document State and Local Cybersecurity Grant Program Frequently Asked Questions SLCGP and TCGP Goals and Objectives SLCGP and TCGP Committee and Charter Requirements SLCGP Email: SLCGPinfo@cisa. dhs. gov TCGP Email: TCGPinfo@cisa.

dhs. gov (Please note other links will be added as they become available) The following list of CISA resources are recommended products, services, and tools at no cost to the state, local, tribal, and territorial governments, as well as public and private sector critical infrastructure organizations. Ransomware Guide (Sept.

2020) No-Cost Cybersecurity Services and Tools Information Technology Sector Specific Goals Cybersecurity Plan Template To report an incident, visit www. cisa. gov/report Grants Program Directorate Information Bulletins FEMA Standard Terms and Conditions (updated each fiscal year) FEMA State and Local Cybersecurity Grant Program Funding Allocations FEMA has assigned state- and territory-specific Preparedness Officers for the SLCGP.

If you do not know your Preparedness Officer, please email FEMA-SLCGP@fema. dhs. gov or FEMA Grants News at FEMA-Grants-News@fema.

dhs. gov. TCGP applicants and recipients may contact their FEMA Preparedness Officers for more information by email at FEMA-TCGP@fema. dhs.

gov .