Grant Details

New and Updated | Grant Search

Tribal Cybersecurity Grant Program (TCGP) (Limited Eligibility) - FY 2025

Agency: U.S. Department of Homeland Security
CFDA: 97.156
Federal FON: DHS-25-GPD-137-00-98
Office: Federal Emergency Management Agency (FEMA) Grant Program Directorate (GPD) Cybersecurity and Infrastructure Security Agency (CISA)
Multipart Grant: No
Next Due: 08/15/2025 (Application)
Solicitation Date: 08/01/2025
   
Match Required: Yes
Match Type: Cash/In-Kind
Actual Funds: $12,164,971 (Estimated)
Number of Awards: 18 (Estimated)
Summary:

The purpose of this program is to strengthen the cybersecurity practices and resilience of tribal governments. This program is intended to make targeted cybersecurity investments in tribal governments to improve the security of critical infrastructure and improve the resilience of the services that tribal governments provide their communities. Program objectives include supporting tribal governments by:

  • Developing and establishing appropriate governance structures, including by implementing or revising cybersecurity plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations
  • Understanding current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments
  • Implementing security protections commensurate with risk.
  • Ensuring tribal organization personnel are appropriately trained in cybersecurity,  commensurate with responsibility

Award recipients must develop or revise a cybersecurity plan, establish a cybersecurity planning committee to support development of the cybersecurity plan, and identify projects to implement using program funding. The proposed cybersecurity plan must include the following activities:

  • An assessment of the capabilities of the tribal government relating to the 13 required cybersecurity plan elements
  • Adopting key cybersecurity best practices and consulting cybersecurity performance goals (CPGs), as detailed on pages 14-15 of the NOFA file

All projects should include the following cybersecurity best practices, as appropriate:

  • Implementing multifactor authentication
  • Implementing enhanced logging
  • Data encryption for data at rest and in transit
  • End use of unsupported/end of life software and hardware that are accessible from the internet
  • Prohibiting use of known/fixed/default passwords and credentials
  • Ensuring the ability to reconstitute systems (backups)
  • Actively engaging in bidirectional sharing between the Cybersecurity and Infrastructure Security Agency (CISA) and tribal governments in cyber relevant time frames to drive down cyber risk
  • Migration to the .gov internet domain

This program is intended to primarily focus on security preparedness that will reduce cyber risks by helping tribal governments to address cybersecurity vulnerabilities and build cybersecurity capabilities; however, funds may be reprogrammed to support a specific imminent cybersecurity threat, as detailed on pages 16-17 of the NOFA file. 

Funding may be used for developing, updating, and implementing a cybersecurity plan. Allowable investments made in support of these activities must fall into the categories of planning, organization, equipment, training, or exercises (POETE), aligned to closing capability gaps or sustaining capabilities, as detailed on pages 54-55 of the NOFA file. 

Eligibility is limited to select federally recognized tribal governments with meritorious projects that did not receive funding during the FY 2022/2023 funding cycle for this program. Refer to the Eligibility section for details. 

Eligibility Notes:

Eligible applicants are select federally recognized tribal governments with meritorious projects that did not receive funding during the FY 2022/2023 funding cycle for this program. Refer to page 13 of the NOFA file for a list of eligible tribal governments for the FY 2025 funding cycle. 

Applicants may apply as a single entity or for multientity projects. 

No more than one application will be accepted per eligible tribal government.

Subapplicants and subawards are allowable. The following entities are not eligible to serve as a subapplicant:

  • Entities that have foreign nationals, unless the foreign nationals are properly vetted and adhere to all government statues, polices, and procedures
  • Entities that have non-citizens

Nonprofit and for-profit organizations are not eligible to serve as subrecipients for subawards. 

Previous award recipients include:

  • Coyote Valley Band of Pomo Indians
  • Southern Ute Indian Tribe
  • Choctaw Nation of Oklahoma
  • Sokaogon Chippewa Community
  • Colusa Indian Community 

Refer to the Award file for additional information regarding previous award recipients.

Eligible Applicants:
Consortia
Native American Tribe
Application Notes:

Applications must be received by 5:00 p.m. ET on August 15, 2025.

Applications must be submitted online at go.fema.gov.

Applications must include:

  • SF 424
  • Certification regarding lobbying
  • SF LLL
  • Indirect cost rate agreement or proposal (if applicable)

The following are required in order to submit an application:

  • Unique Entity Identifier (UEI) number
  • SAM (System for Award Management) registration
  • SPOC (state Single Point of Contact) notification

Applicants may obtain a UEI number and verify or renew SAM registration status at www.ecivis.com/sam. Applicants in states participating in the SPOC program must contact the relevant SPOC listed in the SPOC file before applying.

Applications will be evaluated according to the following criteria:

  • Adherence to programmatic guidelines
  • Anticipated effectiveness of the proposed investments

Refer to the NOFA file for additional application information.

Match Required: Yes
Match Type: Cash/In-Kind
Actual Funds: $12,164,971 (Estimated)
Number of Awards: 18 (Estimated)
Match Notes:

Matching requirements will vary according to applicant type, as follows:

  • Applicants applying as a single entity must provide at least 40 percent of the total project costs via cash and/or in-kind contributions
  • Applicants for multientity projects must provide at least 30 percent of the total project costs via cash and/or in-kind contributions

The funding agency may waive the required match amount in full or in part if the applicant demonstrates economic hardship, as detailed on pages 7-9 of the NOFA file. 

In general, other federal funds may not be used as a match, unless specifically authorized by the legislation governing that other source of federal funding.

The following may not be used as a match:

  • In-kind contributions that have already used as match for another grant program or paid from other grant funds
  • Contributions that have already been used to meet the matching or cost sharing requirements for other federal grants and cooperative agreements
  • Costs for lobbying or other prohibited activities under Title 18,  Section 1913 of the U.S. Code (U.S.C.) or Title 2, Section 200.450 of the Code of Federal Regulations (C.F.R.)
  • Costs for prosecuting claims against the federal government or any other government entity
  • Costs to construct, remodel, or perform alterations of buildings and other physical facilities, except for costs of minor modification to an existing building or other physical facility necessary to install and connect equipment purchased under an award or subaward through this program, as detailed on pages 54-55 of the NOFA file
Funding Notes:

An estimated total of $12,164,971 is expected to be available to support approximately 18 awards through this program. 

In general, awards are expected to range from $38,947 to $2,743,512. Eligible applicants will be notified by the funding agency of the specific investments and allocations per investment under this program by August 4, 2025. Final allocation amounts will be determined and applicants will be notified of the final allocation amounts after the application deadline. Refer to page 13 for a list of target allocation amounts for each eligible tribal government. 

In general, funds will be provided on a reimbursement basis, as detailed on pages 35-36 of the NOFA file. 

Funding selections are anticipated to be made on September 4, 2025. Awards are anticipated to be made on September 19, 2025. 

The project period is projected to begin on September 1, 2025, and end on August 31, 2029. Requests for extensions of the project period will not be accepted. 

Management and administrative (M&A) costs are limited to 5 percent of the total award amount.

Funds may not be used to construct, remodel, or perform alterations of buildings and other physical facilities, except for costs of minor modification to an existing building or other physical facility necessary to install and connect equipment purchased under an award or subaward through this program, as detailed on pages 54-55 of the NOFA file. 

Funds may not be used for:

  • Meeting the matching or cost-sharing requirements for other federal grants and cooperative agreements
  • Lobbying or other prohibited activities under Title 18, Section 1913 of the U.S. Code (U.S.C.) or Title 2, Section 200.450 of the Code of Federal Regulations (C.F.R.)
  • Prosecuting claims against the federal government or any other government entity
  • Pre-award costs
  • Covered telecommunications and surveillance equipment and services, as detailed on page 21 of the NOFA file
  • Spyware
  • Paying a ransom
  • Recreational or social purposes
  • Paying for cybersecurity insurance premiums
  • Costs associated with the Tribal Information Sharing and Analysis Center (Tribal-ISAC) and the Center for Internet Security, including membership fees and services

Refer to pages 19-20 of the NOFA file for information regarding additional ineligible costs. 

For FY 2023, a total of $18,246,845 was provided via 32 awards ranging from $17,850 to $3,009,214 through this program. Refer to the Award file for details.

Contacts:

(See Contact Notes)

Agency Address
Federal Emergency Management Agency
P.O. Box 10055
Hyattsville, MD 20782-8055

Contact Notes:

Questions should be directed to the appropriate program contact listed on pages 5-6 of the NOFA file.

Applications must be submitted online at go.fema.gov.

The agency address provided is for reference purposes only.

Files:
NOFA File: US17581_NOFA_FY2025.pdf (1.2 Mb)
Award File: US17581_Award_FY2025.pdf (65.1 Kb)
Federal Forms:
SPOC (67.7 Kb)
File Notes:

The NOFA file contains the full solicitation for this program. The SPOC file contains information on the state Single Point of Contact program. The Award file contains information on previous award recipients. Detailed guidelines for the funding agency’s application submission portal can be found online at www.fema.gov/grants/guidance-tools/fema-go.

Grant Keywords
Tribal Cybersecurity Grant Program, TCGP, DHS, US DHS, USDHS, FEMA, GPD, CISA, SLCGP, Bipartisan Infrastructure Law, BIL, IIJA, Infrastructure Investment and Jobs Act, tribe, tribal, tribal government, Native American, American Indian, Indian, Native, Indigenous, conflict, emergency, cyber security, cybersecurity, security enhancement, critical infrastructure, community preparedness, early warning system, alert, information gathering, risk management, preparedness training, emergency response, intervention, incident management, information technology, IT, mitigate, mitigation, hacker, cyber attack, cyberattack, web security, internet security, virus, trojan, malware, ransomware, data, public data, public information system, internet, web, world wide web, cyber warfare, advanced, cutting edge, scientific frontier, technologies, technology, computer, connectivity, cyberspace, information science, network, networking, online, technological, cybersecurity awareness, cybersecurity professional, IT professional, employee development, employee training, professional development, professional training, staff development, staff training, intent hygiene, cyber hygiene, damage control, online attack, online warfare, data security, encryption, encrypted, data access, network access, cybersecurity plan, cybersecurity committee, cybersecurity posture, cybersecurity review, cybersecurity weakness, cybersecurity vulnerability, cyber risk, cybersecurity practice, cyber resilience, critical service, critical infrastructure resilience, government resilience, government continuity, cybersecurity incident, cybersecurity training, cybersecurity best practice, cybersecurity preparedness, Homeland Security Act
Grant Categories
Disaster Preparedness
Training & Vocational Services
Information Technology/Telecommunications
Domestic Preparedness/Homeland Security