The State and Local Cybersecurity Grant Program (SLCGP) aims to help states, local governments, rural areas, and communities address cybersecurity risks and threats to data, networks, and information systems. Through strategic stakeholder engagement, SLCGP hopes to implement cyber governance and planning. Increase assessment and evaluation capabilities, prioritize identified cyber risks, and help to address cyber workforce deltas. This will improve the security of government, critical infrastructure, systems, and services that Nebraskans rely on.
The State Administrative Agency (SAA) is the only eligible entity to apply to FEMA/CISA for the SLCGP on behalf of the State. The SAA is the Nebraska Emergency Management Agency (NEMA) in Nebraska. Eligible entities may apply to NEMA as a sub-recipient of the grant.
The entities within the State that are eligible to apply as sub-recipients include counties, municipalities, cities, town, townships, local public authorities, school districts, special districts, intrastate districts, a council of governments, regional or interstate government entity, or agency or instrumentality of a local government, tribal government or organization. Rural communities, such as unincorporated towns, villages, or other public entities, are eligible to apply as sub-recipients.
A common question that has come up recently is regarding multi-entity groups. The state SAA may partner with one or more other SAAs to form a multi-entity group. Each eligible entity (SAA) involved must establish its own Cybersecurity Planning Committee and develop a Cybersecurity Plan. Other groups may submit project proposals as long as all entities are within the State of Nebraska.
The cost share or match requirements are project/activity based. This means that if the funds are sub-awarded to a local government or other eligible sub-recipient, then that eligible entity is responsible for the cost-share for their project/sub-award. The State or group of entities is not eligible to pay the fund match on behalf of an entity receiving funds.
Due to varying budgeting cycles, previously budgeted funds may be leveraged as part of the cost share requirement as long as funds are eligible to be spent on qualifying expenses for the project in which grant funds were awarded. Previously budgeted funds may not be federal funds.
There are specific categories on which SLCGP funds can and cannot be spent. Eligible expenditures will fall into seven allowable categories: Planning, Equipment, Exercises, Management & Administration, Organization, and Training.
Non-eligible expenditures would be items like using the grant funds to supplant state or local funds, using funds as a cost-sharing contribution, paying a ransom from an incident for recreational or social purposes, and paying for cybersecurity insurance premiums. Funds may not be used to acquire land or to construct, remodel, or perform alternations of buildings or other physical facilities; or for any purpose that does not address cybersecurity risks or cybersecurity threats on information systems owned or operated by, or on behalf of, the eligible entity that receives the grant or a local government within the jurisdiction of the eligible entity.