State and Local Cybersecurity Grant program for the Infrastructure Improvement and Jobs Act (IIJA)

1 min read

The State and Local Cybersecurity Grant program that is embedded in the Infrastructure Improvement and Jobs Act (IIJA) is near. The Notice of Funding Opportunity (NOFO) is expected sometime in the next few weeks, likely before mid-July. Cities and counties are in scope for $1B to be disbursed after a process of application and prioritization.

The application process for each state will be slightly different, however we should all see the results of planning that has occurred very soon. An application template and instructions will be released in each geography. These instructions nominally require an assessment against a recognized framework - the likely choice is the NIST Cybersecurity Framework (NIST CSF). This assessment will identify programmatic and control gaps to form the basis of your grant request.

State committees have been developed to adjudicate and prioritize the distribution of funds and note that there is an amount specifically reserved for rural jurisdictions. In our state (Washington), this committee is composed of public-sector cybersecurity executives and practitioners; your mileage may vary. Capital purchases, cybersecurity consulting, and managed cybersecurity services are in the scope of allowable uses of the grant funding.

Critical Insight has always been specifically focused on local government cybersecurity since our inception and has been providing tools to self-assess against the NIST CSF.

Contact us for assistance in developing the materials you need to submit for your application. We can assist with your assessment and grant writing at a nominal cost, which can be applied toward managed cybersecurity services you may want to contract with federal cyber grant funds. To learn more, contact us here.