Coming soon: $1.9 billion cybersecurity grant program in new Infrastructure Investment and Jobs Act (IIJA)


MGT Technology can help you navigate the application process to meet the cybersecurity requirements.

The Infrastructure Investment and Jobs Act (IIJA) became law in November of 2021, authorizing approximately $1.9 billion in federal grants for cybersecurity. These grants focus on enhancing information technology (IT) cybersecurity in critical infrastructure, including transportation, energy, water utilities, and state, local and tribal governments.  

Good News for State, Local and Tribal Governments
Under the IIJA’s State and Local Cybersecurity Grant Program, $1 billion in federal grants was appropriated for fiscal years (FY) 2022 through 2025 to enhance the cybersecurity, resiliency, and protection of state, local and tribal governments. The funding is as follows:  

    • FY 2022: $200 million 
    • FY 2023: $400 million 
    • FY 2024: $300 million 
    • FY 2025: $100 million 

Cybersecurity and Infrastructure Security Agency CISAU.S. Department of Homeland Security logo




The U.S. Department of Homeland Security (DHS), through the Cybersecurity and Infrastructure Security Agency (CISA), will administer the State and Local Cybersecurity Grant Program by awarding grants to eligible entities. These grants address cybersecurity risks and threats to networks and information systems owned or operated by (or on behalf of) state, local, or tribal governments. Now is the time to understand what this funding could mean to your municipality and how MGTcan help you capitalize on those funds most efficiently.  

Eligibility and Application for Cybersecurity Grants

While the application process and requirements for funding have not been finalized, the program is expected to open in the Q3 of 2022. State governments must pass down at least 80% of the funds they receive to local governments within their jurisdictions ― 25% must be allocated to local governments in rural areas. Additionally, state and tribal planning committees must include representatives from public education and health institutions. 

 Grants can also be provided to a “multi-entity group” ― a group of two or more eligible entities applying for a grant together.  An eligible state or tribal government that receives a grant under this program, or a local government that receives a subgrant, must use the funds to: 

    • Develop, implement, or revise a Cybersecurity Plan  
    • Support activities that address imminent cybersecurity threats to the information systems owned or operated by (or on behalf of) the eligible entity or a local government within its jurisdiction  
    • Address any other appropriate cybersecurity activity determined by the Secretary of Homeland Security, acting through the National Cyber Director. 

State and Local Cybersecurity Grant Program Requirements

While the program is currently being finalized, top-level conditions in the law include developing a Cybersecurity Plan which is subject to approval and periodic review by federal authorities. The plans must describe the applicants’ approach to handling a comprehensive list of cybersecurity-related control measures, including continuous cybersecurity vulnerability assessments and threat mitigation practices; adopting, and using best practices and methodologies to enhance cybersecurity, such as those of the National Institute of Standards and Technology (NIST) framework; and assessing and mitigating, to the greatest degree possible, cybersecurity risks and threats relating to critical infrastructure.  

In addition, the required Cybersecurity Plan must reference the National Institute of Standards and Technology (NIST) cybersecurity framework. The Cybersecurity and Infrastructure Security Agency (CISA) has a cybersecurity framework, which cross-references the NIST framework. 

MGT Technology’s Security Operations Center (SOC) and Network Operations Center (NOC) are ISO27001 certified. Our professional staff have delivered hundreds of NIST based security assessments over the years and we take a 24x7x365 approach to Managed Detection & Response (MDR). 

CISA also provides cybersecurity resources for state, local, tribal, and territorial governments, which are aligned to the five Cybersecurity Framework Function Areas ― Identify, Protect, Detect, Respond, and Recover.   

These requirements are intended to heighten cybersecurity at the state and local levels and reinforce the federal government’s efforts to standardize more robust cybersecurity practices in both the public and private sectors. 

More Updates to Come
There are several issues that need to be addressed for the upcoming State and Local Cybersecurity Grant Program, including: How to comply with Cybersecurity Plan requirements? What is the process for funding distribution? Will the states allocate the funds to the local governments based on population or need or quality of grant applications? What equipment and services will be allowed to be purchased with grant funding?  

As these questions are answered, MGT Technology will provide updates and guidance to state, local, and tribal governments, as well as providers of other critical infrastructure.  

We Can Help You

MGT Technology is a Social Impact driven company that has decades of solving complex cybersecurity and network challenges for state, local, and tribal governments, as well as Fortune 500 enterprises, educational institutions, healthcare, and financial organizations. With its Security Operations Center (SOC) and Network Operations Center (NOC), and a team of more than 230 professionally certified staff, we have helped hundreds of the communities our clients serve, of impacting them for good.  

 For more information about MGT Technology’s Cybersecurity Solutions, including Cybersecurity Planning, 24x7x365 Managed Detection & Response Systems, Assessments & Testing, and Compliance Programs, please contact: or visit 

Publish Date

Posted on July 13, 2022