In November 2021, President Biden signed his $1.2 trillion infrastructure spending bill into law. Although the bill’s primary purpose was to fund roadway, transit, and broadband infrastructure, it also set aside roughly $1 billion for state and local cybersecurity.

The bill represented a much-needed helping hand for state and local governments, whose constant battle against threat actors is restricted by limited resources. Ten months and several high-profile cyberattacks later, reinforcements have finally arrived.

With the recent launch of the billion-dollar grant program in September, state and local governments have a means of leveling the playing field — at least to a degree. Let’s take a closer look at the initiative and how StateRAMP can help you win federal funding.

The State and Local Cybersecurity Grant Program (SLCGP)

The Department of Homeland Security (DHS) announced details about the program in September. Its mission is to help eligible entities address cybersecurity risks that threaten any information system owned or operated by or on behalf of state, local and territorial governments. That includes cloud service offerings developed by independent software vendors (ISVs) who do business in the public sector.

DHS will implement SLGCP through the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA). CISA will provide expertise on cybersecurity, whereas FEMA will oversee grant administration and allocation. State Administrative Agencies (SAA) are therefore responsible for managing the grant application and award.

Once the application window ends, FEMA and CISA will review states’ proposals and begin awarding funds. Notably, all applicants must meet specific requirements, including the creation of a Cybersecurity Plan. Also, at least 80% of the awarded funds must be passed through to local entities, where CISA says it’s “needed most.”

“The goal of this program is to address the enormous challenge that state, local and tribal, and territorial governments currently face when defending against cyber threats,” said White House Infrastructure Coordinator Mitch Landieu, according to StateScoop. “With this funding, we are better protecting our most vulnerable communities, ensuring that resource constraints don’t hold them back from developing plans to safeguard their critical infrastructure.”


The SLGCP requires applicants to produce a Cybersecurity Plan. This document not only should establish high-level cybersecurity goals, but also serve as an overarching framework for how those objectives will be achieved. This is where the State Risk and Authorization Management Program (StateRAMP) can be of service. 

Since its creation in 2020, StateRAMP has sought to unify state and local governments under a common cybersecurity standard. By implementing a stricter, more comprehensive framework, government agencies can simplify cloud security and better protect sensitive data.

State agencies that are planning to mandate StateRAMP compliance for their ISVs know the advantages of a more rigorous standard. And with continuous monitoring and hundreds of security controls in place, they can rest assured that their cloud data is properly protected. Better yet, they can incorporate StateRAMP into their SLGCP Cybersecurity Plan to better illustrate the safeguards they’ve put in place.

As a stronger demonstration of security, StateRAMP has the power to help state and local governments win much-needed federal funding.

Learn more about the advantages of StateRAMP compliance and how Project Hosts can help better protect government data when you contact our team today.