State and Local Cybersecurity Grant Program (SLCGP) - FY 2025
| Agency: | U.S. Department of Homeland Security |
|---|---|
| CFDA: | 97.137 |
| Federal FON: | DHS-25-GPD-137-00-99 |
| Office: | Federal Emergency Management Agency (FEMA) |
| Multipart Grant: | No |
| Next Due: | 08/15/2025 (Application) |
|---|---|
| Solicitation Date: | 08/01/2025 |
| Match Required: | Yes |
| Match Type: | Cash/In-Kind |
| Actual Funds: | $91,750,000 (Estimated) |
| Number of Awards: | 56 (Estimated) |
Summary:
The purpose of this program is to strengthen the cybersecurity practices and resilience of state, local, and territorial (SLT) governments. This program enables the funding agency to make targeted cybersecurity investments in SLT governments, thus improving the security of critical infrastructure and improving the resilience of the services SLT governments provide their communities.
Applicants are required to address at least one of the following objectives:
- Objective 1: develop and establish appropriate governance structures, including by developing, implementing, or revising cybersecurity plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations
- Objective 2: understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments
- Objective 3: implement security protections commensurate with risk
- Objective 4: ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility
Award recipients will be required to develop a cybersecurity plan, establish a cybersecurity planning committee to support development of the plan, and identify projects to implement using program funding. Cybersecurity plans must include the following activities:
- Conducting assessments and evaluations as the basis for individual projects throughout the life of the program
- Prioritizing key cybersecurity best practices and consulting the cybersecurity performance goals (CPGs), which can be found online at www.cisa.gov/cross-sector-cybersecurity-performance-goals
Funding may be used for developing, updating, and implementing a cybersecurity plan. Allowable investments made in support of this goal must fall into the categories of planning, organization, equipment, training, or exercises (POETE), aligned to closing capability gaps or sustaining capabilities.
Last Updated: August 12, 2025
Eligibility Notes:
Eligible applicants are all 56 states and territories, including the 50 states, the District of Columbia, American Samoa, the Commonwealth of the Northern Mariana Islands, the Commonwealth of Puerto Rico, Guam, and the U.S. Virgin Islands. Applications must be submitted by the governor-designated state administrative agency (SAA).
Multiple eligible entities may group together to address shared cybersecurity risks and threats to information systems within the states and territories which are the eligible entities. The multientity project submissions must be approved by each of the participating state or territory's cybersecurity planning committees, and each of the multientity project submissions must be aligned with each of the participating state's or territory's respective cybersecurity plan.
Only one application may be submitted by each eligible entity, and no more than four investment justifications may be submitted with the application.
Eligible Applicants:
ConsortiaState Government
Application Notes:
Applications must be received by 5:00 p.m. ET on August 15, 2025.
Applications must be submitted online at go.fema.gov.
Applications must include:
- SF 424
- Grants.gov lobbying form
- SF 424A
- SF 424B
- SF LLL
- Cybersecurity project submissions (if applicable):
- Investment justifications
- Project worksheets
- Cybersecurity planning committee membership list and charter
- Cybersecurity plan (if applicable)
The following are required in order to submit an application:
- Unique Entity Identifier (UEI) number
- SAM (System for Award Management) registration
- SPOC (state Single Point of Contact) notification
Applicants may obtain a UEI number and verify or renew SAM registration status at www.ecivis.com/sam. Applicants in states participating in the SPOC program must contact the relevant SPOC listed in the SPOC file before applying.
Applications will be evaluated according to programmatic criteria, financial integrity criteria, and supplemental financial integrity criteria, as detailed on pages 29-31 of the NOFA file.
Refer to the NOFA file for additional application information.
| Match Required: | Yes |
|---|---|
| Match Type: | Cash/In-Kind |
| Actual Funds: | $91,750,000 (Estimated) |
| Number of Awards: | 56 (Estimated) |
|---|
Match Notes:
In general, applicants must provide at least 40 percent of the total project costs via cash or in-kind contributions. The matching requirement for multientity projects is 30 percent. The matching requirement applies to each project funded by the award, rather than just to the cumulative total of all projects.
The matching requirement is waived for the insular areas of the U.S. territories of American Samoa, the Commonwealth of the Northern Mariana Islands, Guam, and the U.S. Virgin Islands.
Matching contributions may not include other federal funds, unless specifically authorized by the legislation governing that other source of federal funding.
Funding Notes:
A total of $91.75 million is expected to be available to support an anticipated 56 awards through this program. Each state and territory will receive a baseline allocation using thresholds established in section 2200A(1) of the Homeland Security Act of 2022. Refer to pages 12-13 of the NOFA file for a list of the allocations available to each state and territory.
The anticipated award date is September 9, 2025.
The project period is expected to begin on September 1, 2025, and end on August 31, 2029. Extensions to the project period are not allowed.
In general, award recipients must pass-through at least 80 percent of the total award amount. With the consent of the local government, this pass-through may be in the form of in-kind services, capabilities, or activities, or a combination of funding and other services. In addition, 25 percent of the total award amount must go to rural areas.
Management and administrative (M&A) costs are limited to 5 percent of the total award amount.
Pre-award costs are allowable only with the prior written approval of the funding agency and as included in the award agreement.
Funds may not be used for:
- Subawards to nonprofit or for-profit organizations
- Matching or cost-sharing requirements for other federal grants and cooperative agreements
- Lobbying
- Prosecuting claims against the federal government or any other government entity
- Spyware
- Construction
- Renovation
- Paying a ransom
- Recreational or social purposes
- Paying for cybersecurity insurance premiums
Refer to pages 19-20 of the NOFA file for additional information regarding unallowable costs.
Contacts:
(See Contact Notes)
Agency Address
Federal Emergency Management Agency
P.O. Box 10055
Hyattsville, MD 20782-8055
Contact Notes:
Questions should be directed to the appropriate program contact listed on pages 5-6 of the NOFA file.
Applications must be submitted online at go.fema.gov.
The agency address provided is for reference purposes only.
Files:
Application File: US17669_Application_FY2025.zip (374.1 Kb)NOFA File: US17669_NOFA_FY2025.pdf (1.2 Mb)
Federal Forms:
SPOC (67.7 Kb)File Notes:
The NOFA file contains the revised full solicitation for this program. The Application folder contains the required forms for submission. The SPOC file contains information on the state Single Point of Contact program. Detailed guidelines for the funding agency’s application submission portal can be found online at www.fema.gov/grants/guidance-tools/fema-go.
August 12, 2025
A revised solicitation for this program has been released and attached as the NOFA file.
Grant Keywords
State and Local Cybersecurity Grant Program, DHS, US DHS, USDHS, FEMA, GPD, SLCGP, Bipartisan Infrastructure Law, BIL, IIJA, Infrastructure Investment and Jobs Act, SLT, state government, local government, territorial government, territory, territories, conflict, emergency, incident, national incident, national security, cyber security, cybersecurity, security enhancement, public sector, government function, critical infrastructure, community preparedness, early warning system, alert, information gathering, risk management, preparedness training, emergency response, intervention, incident management, information technology, IT, mitigate, mitigation, hacker, cyber attack, cyberattack, web security, internet security, virus, trojan, malware, ransomware, data, public data, public information system, internet, web, world wide web, cyber warfare, advanced, cutting edge, scientific frontier, technologies, technology, computer, connectivity, cyberspace, information science, network, networking, online, technological, cybersecurity awareness, cybersecurity professional, IT professional, employee development, employee training, professional development, professional training, staff development, staff training, intent hygiene, cyber hygiene, damage control, online attack, online warfare, data security, encryption, encrypted, data access, network access, cybersecurity plan, cybersecurity committee, cybersecurity posture, cybersecurity review, cybersecurity weakness, cybersecurity vulnerability, cyber risk, cybersecurity practice, cyber resilience, critical service, critical infrastructure resilience, government resilience, government continuity, cybersecurity incident, cybersecurity training, cybersecurity best practice, cybersecurity preparedness, Homeland Security Act, American Samoa, Guam, Northern Mariana Islands, Puerto Rico, U.S. Virgin IslandsGrant Categories
Disaster PreparednessTraining & Vocational Services
Information Technology/Telecommunications
Domestic Preparedness/Homeland Security