The announcement of the State and Local Cybersecurity Grant Program (SLCGP) created a groundswell of interest and conversation in its first year, and anticipation for the forthcoming year two NOFO. So where does the grant stand today, what’s changed and what’s coming next? This post is an update to Springbrook’s Feb. 2023 grant update post.
There have been some changes between FY 2022 and 2023, representing what a progression in a government agency’s planned progress towards an effective cybersecurity program. According to the recently released FEMA FAQ Grant Update:
“The FY 2023 SLCGP builds on the previous FY 2022 SLCGP to further support the 2020-2024 DHS Strategic Plan and achieve Goal 3: Secure Cyberspace and Critical Infrastructure. Thus, FY 2023 SLCGP applicants must have accomplished FY 2022 requirements before addressing FY 2023 SLCGP objectives.
The primary difference between program years is the shifting focus on objectives. FY 2022 focused on Objective 1, while FY 2023 focuses on Objectives 2 and 3. Once requirements for FY 2022 are met, applicants are required to focus on addressing the next program objectives in FY 2023.”
According to FEMA, in FY 2022 the program set forth goals to establish the groundwork for a cybersecurity program. This included the following priorities for receiving grant funding:
- Establish a Cybersecurity Planning Committee that can lead entity-wide efforts.
- Develop a Cybersecurity Plan that addresses the entire jurisdiction and incorporates cybersecurity best practices.
In FY 2023, priorities include the following, all of which are statutory conditions for receiving grant funding:
- Conduct assessments and evaluations to identify gaps that can be mitigated by individual projects throughout the life of the grant program.
- Adopt key Cybersecurity Best Practices and consult Cybersecurity Performance Goals.
“At this early stage, the GAO is starting to design its review and will likely look at details around the application process and governments’ cybersecurity postures,” said Marisol Cruz Cain, director of the GAO’s Information Technology and Cybersecurity team, in an interview with GovTech.
These may include:
- percentage of entities with approved cybersecurity plans
- percentage with established cybersecurity planning committees
- percentage capable of monitoring their network traffic for potential threats
- percentage implementing MFA
- percentage with .gov domains
In terms of funding, 48 states have successfully applied and now must get their cybersecurity plans submitted and approved for fresh funding.
“We are hoping that the year two NOFO will be released soon. In the meantime, states are working to get their plans submitted to CISA/FEMA for year one by September 30th, “says Alex Whitaker, Director of Government Affairs: NASCIO.