The web Browser you are currently using is unsupported, and some features of this site may not work as intended. Please update to a modern browser such as Chrome, Firefox or Edge to experience all features Michigan.gov has to offer.
State and Local Cybersecurity Grant Program Background
State and Local Cybersecurity Grant Program Background
Funding from the State and Local Cybersecurity Grant Program (SLCGP) helps eligible entities address cybersecurity risks and threats to information systems owned or operated by or on behalf of state, local, and territorial (SLLT) governments. The Homeland Security Act of 2002, as amended by the Bipartisan Infrastructure Law, requires grant recipients to develop a Cybersecurity Plan, establish a Cybersecurity Planning Committee to support development of the plan, and identify projects to implement utilizing the SLCGP funding. To support these efforts, recipients are highly encouraged to prioritize the following activities, all of which are required as a condition of receiving a grant:
- Developing the Cybersecurity Plan
- Implementing or revising the Cybersecurity Plan
- Paying expenses directly related to administration of the grant, which cannot exceed 5% of the amount of the grant award
- Assisting with allowed activities that address imminent cybersecurity threats confirmed by Cybersecurity Infrastructure and Security Agency (CISA) and the Department of Homeland Security (DHS)
- Other appropriate activities as noted in the funding notice
Cybersecurity Planning CommitteeThe Cybersecurity Planning Committee is responsible for developing, implementing, and revising Cybersecurity Plans (including Individual Projects), formally approving the Cybersecurity Plan (along with the State Chief Information Officer and State Chief Information Security Officer), and assisting with determination of effective funding priorities (i.e., working within the State of Michigan jurisdiction to identify and prioritize individual projects). This will be managed through the Michigan Department of Technology, Management & Budget (DTMB).
The Cybersecurity Planning Committee is comprised of the following entities:
- The eligible entity (i.e., state or territory)
- County, city, and town representation (if the eligible entity is a state)
- Institutions of public education within the State of Michigan’s jurisdiction
- Institutions of public health within the State of Michigan’s jurisdiction
- As appropriate, representatives from the rural, suburban, and high population jurisdictions
The State of Michigan has formed its Cybersecurity Planning Committee and adopted a committee governance charter on October 19, 2022. The Committee includes 23 members with representation across all the required cybersecurity planning entities.
The State of Michigan Cybersecurity Planning Committee must explain how to address 16 cybersecurity elements. These elements include:
- How the applicant (State of Michigan, local governments as sub grant recipients) will manage, monitor, and track information systems, applications, and user accounts they own and operate
- How the applicant will monitor, audit, and track network activity traveling to and from information systems, applications, and user accounts
- How the applicant will enhance the preparation, response and resiliency of information systems, applications, and user accounts against cybersecurity threats
- How the applicant will implement continuous vulnerability assessments and threat mitigation to address cybersecurity threats to information systems, applications, and user accounts
An eligible entity (State of Michigan) that receives a grant under this program and any local government that receives funding from a grant under this program must use grant funds to:
- Implement the Cybersecurity Plan of the eligible entity (State of Michigan)
- Develop or revise the Cybersecurity Plan of the eligible entity
- Pay expenses directly related to the administration of the grant, which shall not exceed 5 percent of the amount of the grant
- Assist with activities that address imminent cybersecurity threats, as confirmed by the Secretary of Homeland Security, acting through the National Cyber Director, to the information systems owned or operated by, or on behalf of, the eligible entity or a local government within the jurisdiction of the eligible entity
Grant Funding Background
All 56 states and territories, including any state of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the U.S. Virgin Islands, Guam, American Samoa, and the Commonwealth of the Northern Mariana Islands, are eligible to apply for SLCGP funds. States are required to pass down 80% of the total funding to local governments and tribal governments which will then apply directly to their State Administrative Agency (SAA) for funding.
State/Territory applications for SLCGP Funding were required to be submitted by November 15, 2022 at 5:00 PM EST. CISA and the Federal Emergency Management Agency (FEMA) will review each submission and CISA will approve final Cybersecurity Plans* and individual projects.
The State of Michigan’s application for SLCGP Funding for FY2022 was approved with an exception* on December 19, 2022. With this exception, approved funding will be placed on hold by FEMA until the State submits a complete cybersecurity plan.
*States submitting grant applications with an exception have until September 2023 to submit their completed Cybersecurity Plans. Once approved, FEMA will remove any holds on funding and eligible entities can execute projects and make sub-awards.
A total of $1 billion has been allocated for this program from FY2022 through FY2025. Appropriated funding by Fiscal Year requires a percentage match that will increase annually.
Total estimated State of Michigan grant allocation (as of FY2022): $4,775,415
- FY22 - $185 Million | Match 10 Percent
- FY23 - $400 Million | Match 20 Percent
- FY24 - $300 Million | Match 30 Percent
- FY25 - $100 Million | Match 40 Percent
Sub-grant award recipients are required to provide the match for funding at the project level. The amount is calculated by a formula based on the amount requested for individual projects.
The legislation requires states to distribute at least 80% of funds to local governments, with a minimum of 25% of the allocated funds distributed to rural areas.
Requirements for Grant Fund Use
Any entity that receives SLCGP grant funds cannot use the grant for:
- Supplanting other state or local funds
- The substitution of recipient cost-sharing contributions
- Payment of a ransom from cyberattacks
- Recreational or social purposes, or for any purpose that does not address cybersecurity risks or cybersecurity threats on SLTT information systems
- Lobbying or intervention in federal regulatory or adjudicatory proceedings
- Suing the federal government or any other government entity
- Acquiring land or constructing, remodeling, or altering buildings or other physical facilities
- Cybersecurity insurance
- Any purpose that does not address cybersecurity risks or cybersecurity threats on information systems owned or operated by, or on behalf of, the eligible entity or local government within the jurisdiction of the eligible entity.
Current Grant Submission Status
CISA and FEMA representatives have reviewed all 53 of 56 applications that were submitted by the deadline of November 15, 2022. CISA and FEMA approved the State of Michigan’s grant application on December 19, 2022.
The State of Michigan will work with the statewide Cybersecurity Planning Committee to develop a statewide cybersecurity plan and provide cybersecurity education and outreach engagements.
While there is no action required at this time for local public entities within Michigan to be eligible subrecipients of the grant, we encourage organizations to take advantage of the resource options listed below to help reduce their exposure to threats by taking a proactive approach to mitigating attack vectors.
- Michigan SLCGP Participation Survey
- Membership to MS-ISAC
- Membership to ES-ISAC
- CISA Cyber Hygiene Services
- CISA Get Your Stuff Off Search
- CISA Cyber Resource Hub
- Nationwide Cybersecurity Review (NCSR)
Further information including how to participate in SLCGP funding opportunity will be posted on this site once available.
Additional ResourcesMore information about this federal program can be found on the CISA CyberGrants Website.
SLCGP Grant Contacts
For questions or input, please contact Michigan Cyber Partners at firstname.lastname@example.org.
For updates, please sign up for the distribution list below.