Can municipalities use the same cybersecurity plan for the entire duration of the SLCGP period of performance, ending August 31, 2026?

The State and Local Cybersecurity Grant Program (“SLCGP”) requires eligible entities to submit a comprehensive and strategic cybersecurity plan to reduce cybersecurity risks and increase capacity to address cybersecurity vulnerabilities as part of their grant application. A municipality’s Cybersecurity Committee and Chief Information Officer/Chief Information Security Officer must approve the plan. A municipality’s cybersecurity plan should cover two to three years.[1] The plan will initially be approved for two years and will require annual approval thereafter.[2] The Notice of Funding Opportunity for the SLCGP does not address any extension of the annual plan approvals. Note that all eligible entities within a multi-entity group must already have a Cybersecurity Plan in place for the multi-entity group to be eligible for an award; multi-entity groups are not eligible for awards to develop a Cybersecurity Plan.

Last Updated: October 28, 2022