Overview

In the Bipartisan Infrastructure Law, also known as the Infrastructure Investment and Jobs Act (IIJA), Congress established the State and Local Cybersecurity Grant Program (SLCGP) to “award grants to eligible entities to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local, or tribal governments.” 

The SLCGP provides funding to state, local, tribal, and territorial (SLTT) governments to address cybersecurity risks and cybersecurity threats to SLTT-owned or operated information systems. All requirements and program guidance are established in the Notice of Funding Opportunity (NOFO) for the applicable fiscal year. The period of performance of each fiscal year is 48 months. 

The Connecticut Department of Emergency Services and Public Protection/Division of Emergency Management and Homeland Security (DESPP/DEMHS) is the designated State Administrative Agency (SAA) for this program. The SAA is responsible for managing the grant application and award. Working with the Cybersecurity Planning Committee, the SAA must ensure at least 80% of the federal funds awarded under the SLCGP are passed-through to local entities. In addition, at least 25% of the total funds made available under the grant must be passed through to rural communities. Per the Homeland Security Act of 2002, a rural area is defined in 49 U.S.C. § 5302 as an area encompassing a population of less than 50,000 people that has not been designated in the most recent decennial census as an “urbanized area” by the Secretary of Commerce

Program Objectives and Goals:

• Objective 1: Develop and establish appropriate governance structures, including developing, implementing, or revising cybersecurity plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations.
• Objective 2: Understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments.
• Objective 3: Implement security protections commensurate with risk.
• Objective 4: Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility

Eligibility and Cost Share

Eligibility

The State of Connecticut is the sole eligible entity with the ability to submit SLCGP applications to DHS/FEMA. Eligible sub-entities able to apply for SCLGP funding include, State, tribal, and local governments. “Local government” is defined in 6 U.S.C. § 101(13) as 

• A county, municipality, city, town, township, local public authority, school district,
  special district, intrastate district, council of governments, regional or interstate
  government entity, or agency or instrumentality of a local government;
• An Indian tribe or authorized tribal organization, or in Alaska a Native village or Alaska
  Regional Native Corporation; and
• A rural community, unincorporated town or village, or other public entity.

Organizations listed above should complete a sub-application and submit to DEMHS in order to be eligible to receive SCLGP funding as a sub-recipient. Tribal Governments may apply under the SLCPG or separately under the Tribal Cybersecurity Grant Program. 

Cost Share

This program has a sliding cost share match requirement that changes with each fiscal year. For the FY 2022 funding, the federal share of any activity cannot exceed 90%. For example, if a local entity estimates the total cost of a project is $100,000, the local entity’s cost share will be 10% or $10,000. The cost share must be at the activity (i.e., project) level. The cost share cannot be shared across multiple projects being implemented by the same entity. For a breakdown of cost shares by fiscal year, see below: