$1 Billion State and Local Cybersecurity Grant Program Now Open for Applicants
As threats continue to evolve, state and local governments benefit from federal grant funding to bolster their cybersecurity posture.
When a state, local, tribal and territorial (SLTT) government falls victim to a cyberattack, it impacts its digital networks and infrastructure. It also puts sensitive databases, personal identifiable information (PII) and constituents' trust at risk. As the attack surface expands and attacks become more sophisticated, local governments are falling prey to threat actors.
The State and Local Cybersecurity Grant Program (SLGCP) is formally open, making $185 million in federal grant funding available for SLTT governments. It is the first installment of a four-year, $1 billion program created as a part of the Infrastructure Investment and Jobs Act (IIJA). Funding provided through this program enables SLTT governments to implement cybersecurity solutions that address the growing threats and risks to their information systems.
Specifics on the application process
Now that the application period is open, in order to receive funding, eligible agencies (defined as states or territories) must:
- Submit an initial application through the portal at www.grants.gov.
- Submit a final application through the Non-Disaster (ND) Grants System by November 15, 2022.
- Establish a Cybersecurity Planning Committee.
- Submit a Cybersecurity Plan that meets the 16 requirements defined in IIJA and in the Notice of Funding Opportunity (NOFO) and addresses the needs of local governments, including vulnerability management, prioritization and critical infrastructure protection.
More information about the application process and requirements can be found in the Department of Homeland Security Notice of Funding Opportunity (under the "Related Documents" tab) and on the Cybersecurity and Infrastructure Security's SLCGP website. The 16 requirements for the Cybersecurity Plan are found on pages 68-70 of the NOFO under the "Required Elements" section of Appendix C.
How Tenable can help meet Cybersecurity Plan requirements
Tenable is uniquely positioned to help SLTT governments meet SLGCP grant requirements, like vulnerability management, prioritization and protecting critical infrastructure. Specifically, Tenable's capabilities can help meet 13 of the 16 Cybersecurity Plan requirements, including:
- "Implement a process of continuous cybersecurity vulnerability assessments and threat mitigation practices prioritized by degree of risk to address cybersecurity risks and cybersecurity threats on information systems, applications, and user accounts owned or operated by, or on behalf of, the state or local governments within the state."
- "Implement an information technology and operational technology modernization cybersecurity review process that ensures alignment between information technology and operational technology cybersecurity objectives."
- "Manage, monitor, and track information systems, applications, and user accounts owned or operated by, or on behalf of, the state or local governments within the state, and the information technology deployed on those information systems, including legacy information systems and information technology that are no longer supported by the manufacturer of the systems or technology."
To learn more about how Tenable helps address these requirements and more, review Meeting IIJA Grant Requirements with Tenable Technologies.
Our risk-based vulnerability management solutions help SLTT agencies bolster their cyber defenses and address common SLTT concerns, such as critical infrastructure protection, implementing a zero trust strategy, protecting against ransomware and securing Active Directory. SLTT governments can reduce risk and strengthen their defenses with the ability to see across their entire attack surface, predict which vulnerabilities attackers are most likely to exploit and act to remediate critical vulnerabilities.
Are You Vulnerable to the Latest Exploits?
Enter your email to receive the latest cyber exposure alerts in your inbox.