Building a cybersecurity plan for the State and Local Cybersecurity Grant Program (SLCGP)


Updated August 8, 2023: Today, CISA announced that another $379 million is available for year two funding under the State and Local Cybersecurity Grant Program, with applications open August 7 through October 6, 2023. According to CISA, “applicants are encouraged to submit their cybersecurity plans developed with FY22 funds to access FY23 funding.” See the information below for more details on the cybersecurity strategy.

The $379 million in year two funding is a significant increase from FY22’s $185 million funding. 

Funds for FY23 will be focused on the following priorities:

1. Conducting assessments and evaluations as the basis for individual projects throughout the life of the program

2. Adopting key cybersecurity best practices and consulting Cybersecurity Performance Goals

If you represent a state or tribal government that is thinking about applying for, or has already applied for, funding from the US federal State and Local Cybersecurity Grant Program (SLCGP) or Tribal Cybersecurity Grant Program (TCGP), you likely already know that building out a comprehensive cybersecurity plan is a required element in the process. If you’ve already submitted your application for fiscal year 2022 funding, you have until the end of September 2023 to submit your cybersecurity plan. (The exception here is if you already have a state-wide cybersecurity plan and will use the funding to implement or revise it.)

States will also be able to apply for additional funding that will be released in the coming fiscal years. In that case, assembling the elements of your cybersecurity plan should also be on your radar.

What do you need to know about SLCGP at a high level?

  • 80% of the awarded funds must pass through to local government, and at least 25% to rural areas.
  • For FY 2022, the SLCGP has $185 million in funding.
  • CISA and FEMA will review each grant submission, and CISA will approve cybersecurity plans.
  • For FY 2023, there will be $400 million for distribution, and the application process will begin in late spring 2023.

What do you need to include in your cybersecurity plan?

In order to receive SLCGP funding, you must submit a state-wide cybersecurity plan that will be approved by the Cybersecurity Planning Committee and your state’s CIO, CISO, or leader in a similar information security role. You’ll also need to update your plan for the 2024 and 2025 fiscal years.

According to the US Department of Homeland Security (DHS), each cyber plan should address the following seven principles:

  • Multi-factor authentication
  • Enhanced logging
  • Data encryption for data at rest and in transit
  • End use of unsupported/end-of-life software and hardware that are accessible from the internet
  • Prohibit use of known/fixed/default passwords and credentials
  • The ability to reconstitute systems (backups)
  • Migration to the .gov internet domain

A solid cybersecurity plan should start with fast access to data

The seven principles outlined above — when it comes down to it — can all point back to data. When building out your cybersecurity plan, consider how you can address multiple goals with one tool. When you ingest all your data into a single unified platform, you can use it across teams and for many different purposes. Consolidating your tools means fewer data and personnel silos and fewer places for cyber threats to hide. 

Elastic offers a unified data platform that enables organizations to come together around a single data set and tool that provides comprehensive insights. Built on top of our award-winning search platform is Elastic Security, a solution designed to detect and remediate cyber threats via the power of fast search. According to a recent survey, Elastic public sector customers say that using Elastic:

  • Reduces risk of data breach by 67% 
  • Reduces risk of employee productivity disruption by 67% 
  • Reduces risk of ransomware attacks by 66%
  • Decreases impact of threats by 63% 
  • Reduces risk of phishing scams by 62%

Threat monitoring for state government

Protect, investigate, and respond to complex threats by unifying the capabilities of SIEM, endpoint security, and cloud security.

With Elastic Security, you can deploy continuous monitoring across your entire IT infrastructure, whether in the cloud or on-premises. You’ll be able to bring together all your data from across your attack surface to eliminate blind spots, empower your teams, and reduce cyber risk with:

  • Cloud and application monitoring
  • Infrastructure and host monitoring
  • Network activity monitoring
  • Custom security monitoring

Enhanced logging with Elastic

“Enhanced logging” is one of the seven components of the cybersecurity plan, highlighting the importance of a solution that specializes in logging. Elastic is a recognized leader in log monitoring, with the broadest and most comprehensive set of log data sources in the industry. 

With Elastic you can:

  • Ingest and manage logs at scale
  • Get insights on structured and unstructured logs in minutes
  • Find the answers you need fast, with search that scales with you
  • Detect anomalies and patterns

Learn more about cybersecurity for your state agency

The State of Arizona’s Enterprise Security team wanted to increase its automation and reporting capabilities as part of its risk assessment and threat intelligence process. The team turned to Elastic to help analyze large amounts of data to better prevent, detect, and respond to cyber threats. You can hear Arizona’s security story here.
