State and Local Cybersecurity Grant Program

Frequently Asked Questions

The SLCGP and Eligibility Requirements

What is the SLCGP?

  • A federally funded grant program designed to build cybersecurity capabilities at the state and local levels.
  • Supports planning, equipment, training activities, and implementation of state and federal cybersecurity strategies.
  • Tied to local needs identified through the Nationwide Cybersecurity Review (NCSR), if completed.

Who can apply?

Eligible Tennessee subrecipients of SLCGP include:

  • Local Governments
  • A county, municipality, city, town, township, local public authority, school district, special district, intrastate district, council of governments (regardless of whether the council of governments is incorporated as a nonprofit corporation under state law), regional or interstate government entity, or agency or instrumentality of a local government.
  • An Indian tribe or authorized tribal organization.
  • A rural community, unincorporated town or village, or other public entity.
  • A public educational institution (e.g., elementary school, secondary school, or institution of higher education) if it is an agency or instrumentality of a state or local government under state and/or local law.

Who cannot apply?

Ineligible subrecipients of SLCGP include:

  • Non-profit organizations
  • For-profit organizations
  • Private educational institutions

Application Requirements

  • Application deadline is December 12, 2025, 12:00 PM CST / 1:00 PM EST
  • State of Tennessee’s Strategic Technology Solutions emails contacts and posts on our website the funding availability for SLCGP.
  • Projects for direct reimbursement must comply with the requirements of the Authorized Equipment List (AEL) linked in the table at the bottom of this page.
  • Applicants must complete the Local Government Investment Justification (IJ) Worksheet.
  • Submit completed IJ’s to cybersafetn@tn.gov by the application deadline date.
  • Projects seleceed for funding must be approved by the Cybersecurity Planning Committee

Examples and Information

Previous project examples have included:

  • SIEM (security information and event management) – (DE.AE-3) Provides logging architecture supports real-time collection of device logs, file integrity monitoring (FIM) events, and any other application or system that supports syslog.
  • Vulnerability Management – (DE.CM-8) Provides continuous discovery and prioritization of security vulnerabilities.
  • Email Filtering, Protection, and Encryption – (DE.CM-4) Provides the users with an easy-to-use filtering solution with virus, phishing, and spam protection, along with email encryption.
  • CyberSecurity Training – (PR.AT-1) Provides weekly and annual cyber security training videos and quizzes for training, along with phishing simulation to help gauge employee training retention.
  • DMARC Management – Provides management for DMARC reporting on all sending sources for the domain.
  • Backup for Microsoft 365 – (PR.IP-4) Provides cloud backup for Microsoft 365 Email, OneDrive, and SharePoint.
  • Password Management – Provides a secure means for the employees to store passwords that can be managed by the entity in an administrative portal. More secure alternative than users storing passwords in their browsers.
  • Governance, Risk, and Compliance Management Application (GRC) – (ID.GV-3) Provides an application to manage compliance and policies based on many different frameworks.
  • Upgrade to Microsoft 365 Premium –These subscriptions do not have the logging and security necessary for the security add-ons listed above. Upgrading all the licenses to Microsoft 365 Business Premium will provide this functionality. This would also provide the ability to enroll endpoints into Intune to manage policies and deploy Windows Defender for Endpoint.
  • Network Firewall – (DE.CM-1) Provides network security, regulating inbound and outbound traffic, separating trusted and untrusted networks, and network traffic monitoring.
  • Endpoint Backup – (PR.IP-4) Provides secure local and cloud backup for endpoints (PCs, Servers).

Pluralsight Availability

The State of Tennessee has training licenses for the Pluralsight platform available at no cost for state and local government entities through funding from the State and Local Cybersecurity Grant Program.For more information about Tennessee's use of Pluralsight, please see the Pluralsight Tennessee Case Study.

For Any Additional Questions

Please use the table linked here to find contact information for your district representative, who can address any additional questions or concerns.