Making the Case for Compliance

The increased pressures on international supply chains in recent years has also heightened public awareness of the security and surveillance manufacturing process. Every aspect of a company’s design and build approach, as well as the components they use, is under intense scrutiny 

When you add in the requirements for NDAA, TAA or GSA compliance, the stakes are raised even higher.

To reduce cybersecurity risks to the United States, Section 889 of the 2019 National Defense Authorization Act (NDAA) prohibits the procurement of non-NDAA compliant security products by any government agency or recipient of federal grants.

As part of a broader State and Local Cybersecurity Grant Program (SLCGP), the Federal Emergency Management Agency (FEMA) has now allocated over $370 million in cybersecurity funding to aid and accelerate the replacement of these devices with NDAA-compliant products. This “rip and replace” program is part of a larger $1 billion FEMA cybersecurity initiative.

What to Know About the State and Local Cybersecurity Grant Program (SLCGP) Guide

Is my business eligible for SLCGP funds?
SLCGP grants are available to state, local, and territorial (SLT) governments and agencies, including schools and municipalities, in all 50 U.S. states and territories. Businesses that are sub-recipients of a state, local, or territorial government receiving SLCGP funding are also eligible for the program.

How much of our project will the SLCGP grant cover?
FEMA grants will fund 80% of the cost of approved rip-and-replace projects, while recipient organizations (or other grants) must fund the remaining 20%.

Can I use SLCGP funding to purchase cybersecurity equipment and software?
Yes. Organizations can use State and Local Cybersecurity Grant Program funding to purchase cybersecurity equipment and software as long as the equipment and software are directly related to implementing a comprehensive cybersecurity plan.

What types of cybersecurity activities are funded by the SLCGP?
The SLCGP grants are not intended solely for replacing security cameras and software. FEMA is more likely to accept applications that include holistic approaches, such as developing cybersecurity plans, implementing controls, performing risk assessments and cybersecurity training.

Covered cybersecurity activities include:

•    Purchasing cybersecurity tools and technologies
•    Developing and implementing cybersecurity plans
•    Implementing cybersecurity controls and best practices
•    Providing cybersecurity training to employees
•    Conducting cybersecurity risk assessments and audits
•    Responding to and recovering from cybersecurity incidents

How do companies apply for the SLCGP?
Applying for an SLCGP award is a multi-step process that can take one month or more. Submit your initial SLCGP application through the grants.gov portal at www.grants.gov.

FEMA will invite eligible applicants within one to two business days to access the Non-Disaster (ND) Grants System to proceed with a full application. 

Support is available on the Grants.gov hotline at (800) 518-4726, which is available 24/7 except for federal holidays. Technical support for the ND Grants System is available at ndgrants@fema.dhs.gov or (800) 865-4076.

What should an SLCGP application include?
Grant-seeking organizations must submit a detailed Cybersecurity Plan to FEMA with their application to qualify. This plan should outline how they will use SLCGP funds to:

•    Rip and replace non-NDAA-compliant security cameras and software
•    Manage, monitor, and track information systems and network traffic
•    Enhance the preparation, response, and resiliency of information systems
•    Implement continuous cybersecurity assessments and threat mitigation practices

FEMA also requires plans to establish a Cybersecurity Planning Committee to oversee the plan and outline the committee’s roles and responsibilities in a Cybersecurity Charter.

Lastly, applications must include a timeline, success metrics, and resource needs.

Are there any other FEMA grant programs?
The SLCGP is one of several FEMA preparedness grants developed to help mitigate terrorism and other high–consequence disasters and emergencies.

Below are some of the other FEMA grants that have been established:

Nonprofit Security Grant Program. This grant program was established to provide support for physical security upgrades to nonprofit organizations that are susceptible to terrorist attacks. The goal of the program is to help integrate state and local preparedness efforts with non-profit planning.
Learn more about the Nonprofit Security Grant Program.

Transit Security Grant Program. This grant program provides funding to intra-city buses, ferries, trains and other eligible public transportation systems to protect the public against acts of terrorism and other emergencies.
Learn more about the Transit Security Grant Program. 

Homeland Security Grant Program
This program includes a suite of grants to assist state, local, tribal and territorial efforts in mitigating, responding to and recovering from acts of terrorism and other threats to homeland security.
Learn more about the Homeland Security Grant Program. 

The right approach, the right partner

The global business landscape is complex and requires a comprehensive understanding of trade deals, tariffs, taxes, import/export regulations and more. Security is on everyone’s minds – whether it’s protecting our personal identities online, safeguarding confidential business communications or complying with regulations governing manufacturing partnerships. For a company’s partners and customers, these regulations can affect international supply chains, GSA contracts and even currently deployed technologies, especially if the customer is a U.S. government-related agency.     

For example, all Hanwha Vision security cameras and equipment are suitable for the SLCGP program. Hanwha Vision cameras and devices are fully NDAA compliant and meet the highest cybersecurity standards.

Hanwha Vision manufactures products in its own ISO 9001-certified facilities in South Korea and Vietnam. Hanwha Vision products across North and Latin America are serviced in the 10,000-square-foot Hanwha Total Care Center (HTCC) near its New Jersey headquarters. Products manufactured in South Korea are fully compliant with the Trade Agreements Act (TAA) terms, which qualifies them for sale under GSA guidelines.

As an Authorized CVE Numbering Authority (CNA) for the Common Vulnerabilities and Exposures (CVE®) program sponsored by the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), Hanwha Vision helps to identify, define, and catalog publicly reported cybersecurity vulnerabilities.

Do other SLT governments, agencies, schools, or municipalities in the U.S. use Hanwha Vision security solutions?
Yes. Government, defense, and various commercial enterprises throughout the United States currently use Hanwha Vision products and solutions. Hanwha Vision proudly serves the City of Houston, the City of Phoenix, the State of Ohio, the Army & Navy Academy, Putnam City Schools, Penn Medicine, Ohio State Medical Center, Columbia Bank, and many more.

Programs like the State and Local Cybersecurity Grant Program (SLCGP) Guide are effective and valuable resources for state and local governments seeking to enhance their cybersecurity resilience and protect critical assets and information from the constantly present threat of cyber threats. By following the guidance outlined in the guide, governments can leverage federal funding and expertise to build robust cybersecurity programs that safeguard the public trust and ensure the continuity of essential services in an increasingly digital world.