97.156: Tribal Cybersecurity Grant Program

97.156

Active

Federal Emergency Management Agency (FEMA) [DHS]

Dec. 31, 2024

Dec. 31, 2024

The goal of the Tribal Cybersecurity Grant Program (TCGP) is to assist tribal governments with managing and reducing systemic cyber risk. This goal can be achieved over the course of the Period of Performance (POP) as applicants focus on their Cybersecurity Plans, priorities, projects, and implementation toward addressing the program objectives. Program Objectives for TCGP include: 1. Develop and establish appropriate governance structures, as well as plans, to improve capabilities to respond to cybersecurity incidents and ensure continuity of operations; 2. Tribal governments understand their current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments; 3. Implement security protections commensurate with risk (outcomes of Objectives 1 & 2); and 4. Ensure organization personnel are appropriately trained in cybersecurity, commensurate with responsibility Performance Measures: • Percentage of tribes with CISA approved tribal Cybersecurity Plans • Percentage of tribes with Tribal Cybersecurity Planning Committees that meet the Homeland Security Act of 2002 and TCGP funding notice requirements • Percentage of tribes conducting annual table-top and full-scope exercises to test Cybersecurity Plans • Percent of the tribes’ TCGP budget allocated to exercises • Average dollar amount expended on exercise planning for Tribes • Percentage of tribes conducting an annual cyber risk assessment to identify cyber risk management gaps and areas for improvement • Percentage of tribes performing phishing training • Percentage of entities conducting awareness campaigns • Percent of tribes providing role-based cybersecurity awareness training to employees • Percentage of tribes adopting the Workforce Framework for Cybersecurity (NICE Framework) as evidenced by established workforce development and training plans • Percentage of tribes with capabilities to analyze network traffic and activities related to potential threats • Percentage of tribes implementing multi-factor authentication (MFA) for all remote access and privileged accounts • Percentage of tribes with programs to anticipate and discontinue use of end-of-life software and hardware • Percentage of tribes prohibiting the use of known/fixed/default passwords and credentials • Percentage of tribes operating under the “.gov” internet domain • Number of cybersecurity gaps or issues addressed annually by tribes

Federally Recognized Tribal Governments may apply directly through the Tribal Cybersecurity Grant Program or may receive funds as subrecipients of the State and Local Cybersecurity Grant Program. Eligible entities are “Tribal government” under Section 2220A(a)(7) of the Homeland Security Act of 2002 (codified as amended at 6 U.S.C. § 665g(a)(7). This statute defines “Tribal government” as the recognized governing body of any Indian or Alaska Native Tribe, band, nation, pueblo, village, community, component band, or component reservation, that is individually identified (including parenthetically) in the most recent list published pursuant to Section 104 of the Federally Recognized Indian Tribe List of 1994 (25 U.S.C. § 5131). Tribal governments that apply must submit a Cybersecurity Plan, Cybersecurity Planning Committee List, Charter, TCGP Investment Justification (IJ) form, and a Project Worksheet form. These requirements must be fulfilled before a Tribal government may receive TCGP award funding. Two or more Tribal governments may apply together as a Tribal consortium and submit one application for the consortium.

Not Applicable

https://sam.gov/fal/f1d4189f4cb94c92bac21bbb625d4cda/view