MGT’s IIJA Cyber Funding Assessment and Plan
Our specifically-designed IIJA Cyber Funding Assessment and Plan helps you navigate the application process, meet the cybersecurity requirements, and receive funding from The Infrastructure Investment and Jobs Act’s (IIJA) cybersecurity grant program.
The Infrastructure Investment and Jobs Act (IIJA) became law in November of 2021, authorizing approximately $1 billion in federal grants for cybersecurity. These grants focus on enhancing information technology (IT) cybersecurity in critical infrastructure, including transportation, energy, water utilities, and state, local and tribal governments. Using the MGT IIJA Cyber Funding Assessment and Plan, grant seekers can easily fulfill the complex application requirements and process to apply for funding.
Good News for State, Local and Tribal Governments
Under the IIJA’s State and Local Cybersecurity Grant Program, $1 billion in federal grants was appropriated for fiscal years (FY) 2022 through 2025 to enhance the cybersecurity, resiliency, and protection of state, local and tribal governments. The funding is as follows:
FY 2022:$200 million
FY 2023: $400 million
FY 2024: $300 million
FY 2025: $100 million
The U.S. Department of Homeland Security (DHS), through the Cybersecurity and Infrastructure Security Agency (CISA), will administer the State and Local Cybersecurity Grant Program by awarding grants to eligible entities. These grants address cybersecurity risks and threats to networks and information systems owned or operated by (or on behalf of) state, local, or tribal governments. Now is the time to understand what this funding could mean to your municipality and how MGT can help you capitalize on those funds most efficiently.
Eligibility and Application for Cybersecurity Grants
Meet Grant Requirements with the IIJA Cyber Funding Assessment and Plan
The eligibility and application process for this cybersecurity grant can be complex. The IIJA Cyber Funding Assessment and Plan helps eligible organizations understand the grant requirements and apply appropriately to receive grant funding. Through this customized assessment, organizations better understand their current security posture and can identify the highest priority needs that provide the highest value and return on investment.
Cybersecurity Grant Requirements
The program is expected to open in the Q3 of 2022. State governments must pass down at least 80% of the funds they receive to local governments within their jurisdictions ― 25% must be allocated to local governments in rural areas. Additionally, state and tribal planning committees must include representatives from public education and health institutions.
Grants can also be provided to a “multi-entity group” ― a group of two or more eligible entities applying for a grant together.
An eligible state or tribal government that receives a grant under this program, or a local government that receives a subgrant, must use the funds to:
- Develop, implement, or revise a Cybersecurity Plan
- Support activities that address imminent cybersecurity threats to the information systems owned or operated by (or on behalf of) the eligible entity or a local government within its jurisdiction
- Address any other appropriate cybersecurity activity determined by the Secretary of Homeland Security, acting through the National Cyber Director.
The IIJA Cyber Funding Assessment and Plan will assist you in satisfying these requirements.
State and Local Cybersecurity Grant Program Requirements
While the program is currently being finalized, top-level conditions in the law include developing a Cybersecurity Plan which is subject to approval and periodic review by federal authorities. The plans must describe the applicants’ approach to handling a comprehensive list of cybersecurity-related control measures, including continuous cybersecurity vulnerability assessments and threat mitigation practices; adopting, and using best practices and methodologies to enhance cybersecurity, such as those of the National Institute of Standards and Technology (NIST) framework; and assessing and mitigating, to the greatest degree possible, cybersecurity risks and threats relating to critical infrastructure.
In addition, the required Cybersecurity Plan must reference the National Institute of Standards and Technology (NIST) cybersecurity framework. The Cybersecurity and Infrastructure Security Agency (CISA) has a cybersecurity framework, which cross-references the NIST framework.
The IIJA Cyber Funding Assessment and Plan is a NIST based cybersecurity assessment that satisfies the requirements to apply for this grant funding. Our firm is dedicated to social impact with a 230-employee strong cybersecurity practice focused on solving the most challenging security problems for our clients. We have delivered hundreds of NIST based security assessments over the years and are experts on the application of the key security best practices such as NIST CSF, CIS Top 20, and NIST 800-53.
CISA also provides cybersecurity resources for state, local, tribal, and territorial governments, which are aligned to the five Cybersecurity Framework Function Areas ― Identify, Protect, Detect, Respond, and Recover.
These requirements are intended to heighten cybersecurity at the state and local levels and reinforce the federal government’s efforts to standardize more robust cybersecurity practices in both the public and private sectors.
More Updates to Come
There are several issues that need to be addressed for the upcoming State and Local Cybersecurity Grant Program, including: How to comply with Cybersecurity Plan requirements? What is the process for funding distribution? Will the states allocate the funds to the local governments based on population or need or quality of grant applications? What equipment and services will be allowed to be purchased with grant funding?
As these questions are answered, MGT Technology will provide updates and guidance to state, local, and tribal governments, as well as providers of other critical infrastructure.
We Can Help You
In response to overwhelming requests for assistance navigating the grant application process and meeting the cybersecurity requirements, we’ve created the IIJA Cyber Funding Assessment and Plan to help you get IIJA funds. With this assessment, you’ll understand your security posture, pinpoint priority needs, and be prepared to appropriately apply for and receive funding, as directed by IIJA.
- Infrastructure and Investment Jobs Act: https://transportation.house.gov.
- Cybersecurity Infrastructure and Investment Jobs Act: https://www.natlawreview.com/article/key-cybersecurity-provisions-infrastructure-investment-and-jobs-act#:~:text=The%20IIJA%20appropriates%20%241%20billion,%24100%20million%20for%20FY%202025.
- Cybersecurity IIJA news article: https://statescoop.com/tag/cybersecurity-and-infrastructure-security-agency-cisa/
- Department of Homeland Security: https://www.grantsoffice.com/GrantDetails.aspx?gid=58731
- State and Local Cybersecurity Improvement Act: https://www.congress.gov/bill/117th-congress/house-bill/3138/text
- National Conference of State Legislators – Cybersecurity Legislation 2021: https://www.ncsl.org/research/telecommunications-and-information-technology/cybersecurity-legislation-2021.aspx