Government Grants
Business Grants
Home Owner Programs
Federal Programs
About Us
Fiscal Year (FY) 2022 State and Local Cybersecurity Grant Program
A Cybersecurity Plan of an eligible entity shall --``(A) incorporate, to the extent practicable --``(i) any existing plans of the eligible entity to protect against cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, State, local, or Tribal governments;
and``(ii) if the eligible entity is a State, consultation and feedback from local governments and associations of local governments within the jurisdiction of the eligible entity;``(B) describe, to the extent practicable, how the eligible entity will --``(i) manage, monitor, and track information systems, applications, and user accounts owned or operated by, or on behalf of, the eligible entity or, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, and the information technology deployed on those information systems, including legacy information systems and information technology that are no longer supported by the manufacturer of the systems or technology;``(ii) monitor, audit, and, track network traffic and activity transiting or traveling to or from information systems, applications, and user accounts owned or operated by, or on behalf of, the eligible entity or, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity;``(iii) enhance the preparation, response, and resiliency of information systems, applications, and user accounts owned or operated by, or on behalf of, the eligible entity or, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, against cybersecurity risks and cybersecurity threats;``(iv) implement a process of continuous cybersecurity vulnerability assessments and threat mitigation practices prioritized by degree of risk to address cybersecurity risks and cybersecurity threats on information systems, applications, and user accounts owned or operated by, or on behalf of, the eligible entity or, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity;``(v) ensure that the eligible entity and, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, adopt and use best practices and methodologies to enhance cybersecurity, such as --``(I) the practices set forth in the cybersecurity framework developed by the National Institute of Standards and Technology;``(II) cyber chain supply chain risk management best practices identified by the National Institute of Standards and Technology; and``(III) knowledge bases of adversary tools and tactics;``(vi) promote the delivery of safe, recognizable, and trustworthy online services by the eligible entity and, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, including through the use of the .gov internet domain;``(vii) ensure continuity of operations of the eligible entity and, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, in the event of a cybersecurity incident, including by conducting exercises to practice responding to a cybersecurity incident;``(viii) use the National Initiative for Cybersecurity Education Workforce Framework for Cybersecurity developed by the National Institute of Standards and Technology to identify and mitigate any gaps in the cybersecurity workforces of the eligible entity and, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, enhance recruitment and retention efforts for those workforces, and bolster the knowledge, skills, and abilities of personnel of the eligible entity and, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, to address cybersecurity risks and cybersecurity threats, such as through cybersecurity hygiene training;``(ix) if the eligible entity is a State, ensure continuity of communications and data networks within the jurisdiction of the eligible entity between the eligible entity and local governments within the jurisdiction of the eligible entity in the event of an incident involving those communications or data networks;``(x) assess and mitigate, to the greatest degree possible, cybersecurity risks and cybersecurity threats relating to critical infrastructure and key resources, the degradation of which may impact the performance of information systems within the jurisdiction of the eligible entity;``(xi) enhance capabilities to share cyber threat indicators and related information between the eligible entity and --``(I) if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, including by expanding information sharing agreements with the Department; and``(II) the Department;``(xii) leverage cybersecurity services offered by the Department;``(xiii) implement an information technology and operational technology modernization cybersecurity review process that ensures alignment between information technology and operational technology cybersecurity objectives;``(xiv) develop and coordinate strategies to address cybersecurity risks and cybersecurity threats in consultation with --``(I) if the eligible entity is a State, local governments and associations of local governments within the jurisdiction of the eligible entity; and ``(II) as applicable --``(aa) eligible entities that neighbor the jurisdiction of the eligible entity or, as appropriate, members of an information sharing and analysis organization; and``(bb) countries that neighbor the jurisdiction of the eligible entity;``(xv) ensure adequate access to, and participation in, the services and programs described in this subparagraph by rural areas within the jurisdiction of the eligible entity; and``(xvi) distribute funds, items, services, capabilities, or activities to local governments under subsection (n)(2)(A), including the fraction of that distribution the eligible entity plans to distribute to rural areas under subsection (n)(2)(B);``(C) assess the capabilities of the eligible entity relating to the actions described in subparagraph (B);``(D) describe, as appropriate and to the extent practicable, the individual responsibilities of the eligible entity and local governments within the jurisdiction of the eligible entity in implementing the plan;``(E) outline, to the extent practicable, the necessary resources and a timeline for implementing the plan; and``(F) describe the metrics the eligible entity will use to measure progress towards --``(i) implementing the plan; and``(ii) reducing cybersecurity risks to, and identifying, responding to, and recovering from cybersecurity threats to, information systems owned or operated by, or on behalf of, the eligible entity or, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity.
and``(ii) if the eligible entity is a State, consultation and feedback from local governments and associations of local governments within the jurisdiction of the eligible entity;``(B) describe, to the extent practicable, how the eligible entity will --``(i) manage, monitor, and track information systems, applications, and user accounts owned or operated by, or on behalf of, the eligible entity or, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, and the information technology deployed on those information systems, including legacy information systems and information technology that are no longer supported by the manufacturer of the systems or technology;``(ii) monitor, audit, and, track network traffic and activity transiting or traveling to or from information systems, applications, and user accounts owned or operated by, or on behalf of, the eligible entity or, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity;``(iii) enhance the preparation, response, and resiliency of information systems, applications, and user accounts owned or operated by, or on behalf of, the eligible entity or, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, against cybersecurity risks and cybersecurity threats;``(iv) implement a process of continuous cybersecurity vulnerability assessments and threat mitigation practices prioritized by degree of risk to address cybersecurity risks and cybersecurity threats on information systems, applications, and user accounts owned or operated by, or on behalf of, the eligible entity or, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity;``(v) ensure that the eligible entity and, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, adopt and use best practices and methodologies to enhance cybersecurity, such as --``(I) the practices set forth in the cybersecurity framework developed by the National Institute of Standards and Technology;``(II) cyber chain supply chain risk management best practices identified by the National Institute of Standards and Technology; and``(III) knowledge bases of adversary tools and tactics;``(vi) promote the delivery of safe, recognizable, and trustworthy online services by the eligible entity and, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, including through the use of the .gov internet domain;``(vii) ensure continuity of operations of the eligible entity and, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, in the event of a cybersecurity incident, including by conducting exercises to practice responding to a cybersecurity incident;``(viii) use the National Initiative for Cybersecurity Education Workforce Framework for Cybersecurity developed by the National Institute of Standards and Technology to identify and mitigate any gaps in the cybersecurity workforces of the eligible entity and, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, enhance recruitment and retention efforts for those workforces, and bolster the knowledge, skills, and abilities of personnel of the eligible entity and, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, to address cybersecurity risks and cybersecurity threats, such as through cybersecurity hygiene training;``(ix) if the eligible entity is a State, ensure continuity of communications and data networks within the jurisdiction of the eligible entity between the eligible entity and local governments within the jurisdiction of the eligible entity in the event of an incident involving those communications or data networks;``(x) assess and mitigate, to the greatest degree possible, cybersecurity risks and cybersecurity threats relating to critical infrastructure and key resources, the degradation of which may impact the performance of information systems within the jurisdiction of the eligible entity;``(xi) enhance capabilities to share cyber threat indicators and related information between the eligible entity and --``(I) if the eligible entity is a State, local governments within the jurisdiction of the eligible entity, including by expanding information sharing agreements with the Department; and``(II) the Department;``(xii) leverage cybersecurity services offered by the Department;``(xiii) implement an information technology and operational technology modernization cybersecurity review process that ensures alignment between information technology and operational technology cybersecurity objectives;``(xiv) develop and coordinate strategies to address cybersecurity risks and cybersecurity threats in consultation with --``(I) if the eligible entity is a State, local governments and associations of local governments within the jurisdiction of the eligible entity; and ``(II) as applicable --``(aa) eligible entities that neighbor the jurisdiction of the eligible entity or, as appropriate, members of an information sharing and analysis organization; and``(bb) countries that neighbor the jurisdiction of the eligible entity;``(xv) ensure adequate access to, and participation in, the services and programs described in this subparagraph by rural areas within the jurisdiction of the eligible entity; and``(xvi) distribute funds, items, services, capabilities, or activities to local governments under subsection (n)(2)(A), including the fraction of that distribution the eligible entity plans to distribute to rural areas under subsection (n)(2)(B);``(C) assess the capabilities of the eligible entity relating to the actions described in subparagraph (B);``(D) describe, as appropriate and to the extent practicable, the individual responsibilities of the eligible entity and local governments within the jurisdiction of the eligible entity in implementing the plan;``(E) outline, to the extent practicable, the necessary resources and a timeline for implementing the plan; and``(F) describe the metrics the eligible entity will use to measure progress towards --``(i) implementing the plan; and``(ii) reducing cybersecurity risks to, and identifying, responding to, and recovering from cybersecurity threats to, information systems owned or operated by, or on behalf of, the eligible entity or, if the eligible entity is a State, local governments within the jurisdiction of the eligible entity.
Agency: Department of Homeland Security
Office: Department of Homeland Security - FEMA
Estimated Funding: $185,024,069
Office: Department of Homeland Security - FEMA
Estimated Funding: $185,024,069
Who's Eligible
Obtain Full Opportunity Text:
askcsid@fema.dhs.gov
Additional Information of Eligibility:
Eligible applicants may be Qualified Fair Housing Enforcement Organizations (QFHOs) and Fair Housing Enforcement Organizations (FHOs), public or private not-for-profit organizations or institutions, and other public or private entities that are formulating or carrying out programs to prevent or eliminate discriminatory housing practices; agencies of State or local governments; and agencies that participate in the Fair Housing Assistance Program (FHAP). All applicants are required to complete Appendix B, EOI Eligibility Certification and submit as a part of their application.
An applicant's failure to meet an eligibility criterion by the time of an application deadline will result in the return of the application without review or, even though an application may be reviewed, will preclude HUD from making an award.
Individuals, foreign entities, and sole proprietorship organizations are not eligible to compete for, or receive, awards made under this announcement.
Full Opportunity Web Address:
askcsid@fema.dhs.gov
Contact:
Agency Email Description:
askcsid@fema.dhs.gov
Agency Email:
Date Posted:
2022-09-16
Application Due Date:
Archive Date:
2022-12-15
Social Entrepreneurship
Spotlight
Building a Million Dollar Company Where Everyone Counts
Ganesh Natarajan is the Founder and Chairman of 5FWorld, a new platform for funding and developing start-ups, social enterprises and the skills eco-system in India. In the past two decades, he has built two of India’s high-growth software services companies – Aptech and Zensar – almost from scratch to global success.
Learn How to Identify and Avoid Grant Scams
