Tribal Cybersecurity Grant Program – CISA
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Free Cyber Services#protect2024Secure Our WorldShields UpReport A Cyber Issue
Search
Free Cyber Services#protect2024Secure Our WorldShields UpReport A Cyber Issue
These grants will assist Tribal governments with managing and reducing systemic cyber risk. Learn more here.
The Department of Homeland Security (DHS) announced the Tribal Cybersecurity Grant Program (TCGP) in September 2023 to assist Tribal governments with addressing cybersecurity risks and threats to information systems owned or operated by, or on behalf of, those Tribal governments. On July 1, 2024, DHS announced awards of more than $18.2 million in grants to 32 Tribal governments. These are the first grants ever to be awarded under the TCGP, which was authorized by the Bipartisan Infrastructure Law.
In addition to helping Tribal governments address cybersecurity risks and threats to their information systems, TCGP is enabling DHS to provide targeted cybersecurity resources that will improve the security of critical infrastructure and resilience of the services that Tribal governments provide to their members. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Emergency Management Agency (FEMA) jointly manage the TCGP. CISA provides cybersecurity programmatic subject-matter expertise by defining goals and objectives, reviewing and approving cybersecurity plans establishing measures of effectiveness, and organizing Objective Review Panels to review and score applications. FEMA provides administrative guidance through conducting eligibility reviews and issuing and administering the grant awards consistent with all applicable laws, regulations, and policies.
Digital threats impacting American Indian and Alaska Native tribes are increasing and becoming more complex, and tribal sovereignty creates unique cybersecurity challenges for these communities who for far too long have been underfunded and under-resourced. This program is an example of a unified approach across DHS, in which a FEMA-administered program leverages CISA’s capabilities to accomplish the Department’s goal of increasing tribal cyber defenses, similar to the State and Local Cybersecurity Grant Program, which was announced in 2023.
DHS respects the sovereignty and self-determination of Tribal governments and recognizes the intent of Congress to provide flexibility to Tribal governments to meet cybersecurity needs across Indian Country through the TCGP. The framework of the program was made as a result of nation-to-nation consultations with tribal representatives across the country and is intended to support tribal cybersecurity resiliency.
CISA developed four overarching objectives for the TCGP based on the consideration of national priorities, frameworks, and the national cyber threat environment:
Tribal governments were required to address how they will meet Program Objective 1 in their FY 2023 applications. Objectives 2, 3, and 4 were eligible, but were not required to be addressed in FY 2023 applications.
FEMA and CISA made $18.2 million available in the TCGP NOFO, which combined available funding from FY 2022 and FY 2023.
The TCGP is a discretionary grant program that divides the 574 federally recognized tribes with membership of greater than one individual into four categories based on overall population. The $18.2 million was divided across the four categories. The funding categories allowed for applications to be evaluated among applications from similarly populated tribes. This approach was implemented as a result of nation-to-nation consultations. The following table outlines the four population levels, number of tribes, and the corresponding combined funding levels for FY 2022 and FY 2023:
Table 1: Funding Categories
* The number of tribes with a population greater than 1 total 557. The remaining 17 tribes have a represented population of less than 1 per the US Census.gov data collected in 2020.
All 574 federally recognized Tribal governments were eligible to apply by the deadline of January 10, 2024. Tribes that applied were required to submit a Cybersecurity Plan, Cybersecurity Planning Committee List, and Charter.
Cybersecurity Planning Committee and Cybersecurity Plan Requirements
Each Tribal government was required to establish a Cybersecurity Planning Committee that approves a Cybersecurity Plan and assists with developing, implementing, and revising that plan. An existing Tribal Council/Governing Body that includes 1) a grants administration office representative, and 2) a designated Chief Information Officer (CIO), Chief Information Security Officer (CISO), or equivalent official to the CIO or CISO with expertise in Information Technology (IT) may be used to meet the Committee requirement.
These plans are meant to guide implementation of cybersecurity capabilities within the Tribal government. The Cybersecurity Planning Committee is responsible for approving the Cybersecurity Plan and assisting with determining effective projects. Applicants were encouraged to download the TCGP Cybersecurity Plan Template from www.grants.gov. The template was an optional tool for applicants to use to develop and submit their Cybersecurity Plans to ensure they met all the required statutory elements. CISA is available to provide technical assistance to Tribal governments on Cybersecurity Plan implementation.
CISA considers Cybersecurity Plans to be living, strategic documents. Following the submission of their plan as part of the grant application, Tribal governments may continue to work with CISA after funds are approved to update their plan.
Programmatic Criteria
Each Tribal government’s application was evaluated through a three-part review and selection process.
More information about the review process can be found in Section E.2 of the TCGP FY 2023 NOFO.
Cybersecurity Best Practices, Assessments, and Evaluations
Each applicant addressed key Cybersecurity Best Practices in their Cybersecurity Plan and within individual projects. In addition, the Cybersecurity Best Practices should consult the Cybersecurity Performance Goals (CPGs) to ensure a strong cybersecurity posture.
All TCGP recipients are required to participate in a limited number of free services provided by CISA. Participation in these services were not required for submission and approval of the grant but are post-award requirements.
The post-award required services are:
There are a variety of resources available to address programmatic, technical, and financial questions:
For more information about the Tribal Cybersecurity Grant Program (TCGP), please email TCGPinfo@cisa.dhs.gov.
This article was autogenerated from a news feed from CDO TIMES selected high quality news and research sources. There was no editorial review conducted beyond that by CDO TIMES staff. Need help with any of the topics in our articles? Schedule your free CDO TIMES Tech Navigator call today to stay ahead of the curve and gain insider advantages to propel your business!
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Free Cyber Services#protect2024Secure Our WorldShields UpReport A Cyber Issue
Search
Free Cyber Services#protect2024Secure Our WorldShields UpReport A Cyber Issue
These grants will assist Tribal governments with managing and reducing systemic cyber risk. Learn more here.
The Department of Homeland Security (DHS) announced the Tribal Cybersecurity Grant Program (TCGP) in September 2023 to assist Tribal governments with addressing cybersecurity risks and threats to information systems owned or operated by, or on behalf of, those Tribal governments. On July 1, 2024, DHS announced awards of more than $18.2 million in grants to 32 Tribal governments. These are the first grants ever to be awarded under the TCGP, which was authorized by the Bipartisan Infrastructure Law.
In addition to helping Tribal governments address cybersecurity risks and threats to their information systems, TCGP is enabling DHS to provide targeted cybersecurity resources that will improve the security of critical infrastructure and resilience of the services that Tribal governments provide to their members. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Emergency Management Agency (FEMA) jointly manage the TCGP. CISA provides cybersecurity programmatic subject-matter expertise by defining goals and objectives, reviewing and approving cybersecurity plans establishing measures of effectiveness, and organizing Objective Review Panels to review and score applications. FEMA provides administrative guidance through conducting eligibility reviews and issuing and administering the grant awards consistent with all applicable laws, regulations, and policies.
Digital threats impacting American Indian and Alaska Native tribes are increasing and becoming more complex, and tribal sovereignty creates unique cybersecurity challenges for these communities who for far too long have been underfunded and under-resourced. This program is an example of a unified approach across DHS, in which a FEMA-administered program leverages CISA’s capabilities to accomplish the Department’s goal of increasing tribal cyber defenses, similar to the State and Local Cybersecurity Grant Program, which was announced in 2023.
DHS respects the sovereignty and self-determination of Tribal governments and recognizes the intent of Congress to provide flexibility to Tribal governments to meet cybersecurity needs across Indian Country through the TCGP. The framework of the program was made as a result of nation-to-nation consultations with tribal representatives across the country and is intended to support tribal cybersecurity resiliency.
CISA developed four overarching objectives for the TCGP based on the consideration of national priorities, frameworks, and the national cyber threat environment:
Tribal governments were required to address how they will meet Program Objective 1 in their FY 2023 applications. Objectives 2, 3, and 4 were eligible, but were not required to be addressed in FY 2023 applications.
FEMA and CISA made $18.2 million available in the TCGP NOFO, which combined available funding from FY 2022 and FY 2023.
The TCGP is a discretionary grant program that divides the 574 federally recognized tribes with membership of greater than one individual into four categories based on overall population. The $18.2 million was divided across the four categories. The funding categories allowed for applications to be evaluated among applications from similarly populated tribes. This approach was implemented as a result of nation-to-nation consultations. The following table outlines the four population levels, number of tribes, and the corresponding combined funding levels for FY 2022 and FY 2023:
Table 1: Funding Categories
* The number of tribes with a population greater than 1 total 557. The remaining 17 tribes have a represented population of less than 1 per the US Census.gov data collected in 2020.
All 574 federally recognized Tribal governments were eligible to apply by the deadline of January 10, 2024. Tribes that applied were required to submit a Cybersecurity Plan, Cybersecurity Planning Committee List, and Charter.
Cybersecurity Planning Committee and Cybersecurity Plan Requirements
Each Tribal government was required to establish a Cybersecurity Planning Committee that approves a Cybersecurity Plan and assists with developing, implementing, and revising that plan. An existing Tribal Council/Governing Body that includes 1) a grants administration office representative, and 2) a designated Chief Information Officer (CIO), Chief Information Security Officer (CISO), or equivalent official to the CIO or CISO with expertise in Information Technology (IT) may be used to meet the Committee requirement.
These plans are meant to guide implementation of cybersecurity capabilities within the Tribal government. The Cybersecurity Planning Committee is responsible for approving the Cybersecurity Plan and assisting with determining effective projects. Applicants were encouraged to download the TCGP Cybersecurity Plan Template from www.grants.gov. The template was an optional tool for applicants to use to develop and submit their Cybersecurity Plans to ensure they met all the required statutory elements. CISA is available to provide technical assistance to Tribal governments on Cybersecurity Plan implementation.
CISA considers Cybersecurity Plans to be living, strategic documents. Following the submission of their plan as part of the grant application, Tribal governments may continue to work with CISA after funds are approved to update their plan.
Programmatic Criteria
Each Tribal government’s application was evaluated through a three-part review and selection process.
More information about the review process can be found in Section E.2 of the TCGP FY 2023 NOFO.
Cybersecurity Best Practices, Assessments, and Evaluations
Each applicant addressed key Cybersecurity Best Practices in their Cybersecurity Plan and within individual projects. In addition, the Cybersecurity Best Practices should consult the Cybersecurity Performance Goals (CPGs) to ensure a strong cybersecurity posture.
All TCGP recipients are required to participate in a limited number of free services provided by CISA. Participation in these services were not required for submission and approval of the grant but are post-award requirements.
The post-award required services are:
There are a variety of resources available to address programmatic, technical, and financial questions:
For more information about the Tribal Cybersecurity Grant Program (TCGP), please email TCGPinfo@cisa.dhs.gov.
This article was autogenerated from a news feed from CDO TIMES selected high quality news and research sources. There was no editorial review conducted beyond that by CDO TIMES staff. Need help with any of the topics in our articles? Schedule your free CDO TIMES Tech Navigator call today to stay ahead of the curve and gain insider advantages to propel your business!
