State and Local Cybersecurity Grant Program (SLCGP)

The U.S. Department of Homeland Security (DHS) is providing funding to address cybersecurity risks and threats to information systems of State, Local, and Territorial (SLT) subrecipients. The State of New Mexico SLCGP Cybersecurity Planning Committee (Planning Committee) developed a statewide Cybersecurity Plan, which included a cybersecurity capabilities assessment to form an initial understanding of the cybersecurity posture across New Mexico. Based on the assessment results, the Planning Committee identified and approved five (5) cybersecurity projects to address cybersecurity gaps.

Available Projects for Year 1 of the SLCGP

Through the development of the SLCGP Cybersecurity Plan, the Planning Committee has identified and approved the following five (5) initial projects to increase cybersecurity capabilities:

1. Cybersecurity Governance and Planning – Receive assistance to establish or enhance cybersecurity governance (e.g., cyber plans, policies & procedures, standards, organization structure) and implement or increase the adoption of cyber-hygiene and best practices (e.g., multi-factor authentication, enhanced logging, migration to .gov internet domain).
2. Cybersecurity Risk Assessments – Obtain assistance with performing cybersecurity risk assessments (e.g., Nationwide Cybersecurity Review (NCSR)) to better understand cybersecurity posture, identify cybersecurity risks, and determine gaps in cybersecurity controls. Assessment results will be leveraged to update the statewide Cybersecurity Plan and identify and prioritize future SLCGP-funded projects.
3. Vulnerability and Attack Surface Management – Receive cybersecurity risk mitigation services through the deployment and integration of vulnerability and attack surface management capabilities.
4. Cybersecurity Training – Obtain basic cybersecurity awareness and phishing training for employees.
5. Cybersecurity Workforce Development Planning – Participate in development of the strategic plan and roadmap for assessing cybersecurity workforce capabilities and implementing cybersecurity workforce development and training programs through the National Initiative for Cybersecurity Education (NICE) Framework.

The Planning Committee has coordinated with the New Mexico Office of Cybersecurity to implement and provide cybersecurity projects as services to eligible entities. To maximize funding and resources, the Planning Committee encourages eligible entities to apply for projects as State-provided services.

SLCGP Subrecipient Requirements

How an entity implements cybersecurity capabilities (through State-provided services, direct funding, or a combination of both) will dictate associated requirements that the entity must meet through the implementation of those cybersecurity capabilities:

Entity Receiving State-Provided Services

• Implement cybersecurity services and capabilities provided by the New Mexico Office of Cybersecurity.
• Coordinate with the NM Office of Cybersecurity to scope and define project requirements.

Entity Applying for Direct Funding

• Submit Investment Justification form and Project Worksheet to implement projects that meet the goals of the NM Cybersecurity Plan.
• Responsible for any SLCGP cost-share match requirements.
• Fulfill quarterly programmatic and financial reporting and documentation requirements.
• Subject to audit and oversight reviews as permitted by the grant program.