General Information
Federal Cybersecurity grant with multiple (4) goals. Intention was for states to apply for the grant and States handle directly with recipients.
2024 moved to a subgrant process in ~February due to lawyers getting involved at the state level. They said the state offering services directly was too risky and that a subgrant process was needed.
MSP is the grant administrator now (Michigan State Police).
Funding cycle 2022 to 2026
First round goals are narrowed down to EDR and Cybersecurity assessments
First round grant winners (based on criteria)(see district inventory sheet): https://drive.google.com/drive/u/0/folders/1dNgyTENE26MKNkUGdI0qSHgmBIP2BDPm
As of Aug 2024 districts are at: Obtain AAF approval and some are at Select Vendor and initiate procurement process on the SLCGP Quick Reference PDF
SLCGP Quick Reference PDF (Its in the google folder above) which contains all the steps and related dates: https://drive.google.com/file/d/1PPIkOnaJI_PbEn7xeKETfU_ZVJgaKzgM/view
Deadlines so far
FY 2022 SLCGP Grant agreements and attachments are due to MSP/EMHSD by September 10, 2024
Recommend submission of AAF for EDR Projects by September 1, 2024
Contact Information
Patrick Blake - blakep1@michigan.gov - SLCGP Coordinator
Amanda Lung - LungA@michigan.gov - Financial Questions
Deborah Bracy - BracyD@michigan.gov - Procurement & Audit Questions
General Mailbox - EMD_HSGP@michigan.gov
Michelle McClish – McClishM@michigan.gov - Cyber Program Manager
SLCGP Mailbox - DTMB-CIP-SLCGP@michigan.gov
SLCGP Procurement Process
We will reach out to MiSecure for each district and obtain licensing based on the actual count of machines per districts (see MiSecure Wiki) /wiki/spaces/NET/pages/690749459
All district counts are completed and recorded in the sheet linked below under the Totals tab (in the column highlighted in green) → https://docs.google.com/spreadsheets/d/1md64A6DkW80w6oPW5VoWhCJ7er6_Nk-bi9N2rOtFZYU/edit?gid=260014243#gid=260014243
We will send an email to MiSecure contacts (including the director) with an email listing a request for a quote for each district, the total requested and the product being Crowdstrike Falcon Complete 2y license agreement.
Ensure that for each request they understand the quotes are to be made out to each district with that districts contact information/address/business office email and superintendent email.
This information is recorded on an alternate wiki page at this link and section (the Google Sheet): /wiki/spaces/DSI/pages/15434477
Have them bcc support@remc1.net with each quote and then merge their quote response into each SLCGP procurement ticket for each agency.
SLCGP Additional Requirements
Must participate in the Nationwide Cybersecurity Review (NCSR) https://www.cisecurity.org/ms-isac/services/ncsr
It opens October through February.
All FY 2022 SLCGP subrecipients are required to complete the National Cybersecurity Review (NCSR) assessment each year of your grant performance period.
An NCSR can be performed for a group of entities as long as we list all entities on the applicable form area. This means that if all our entities follow our same standards we can perform on NCSR for all SLCGP recipients.
Must sign up for CISA Vulnerability Scanning Services and ALSO request interest in Web Application Scanning.
To: Vulnerability_Info <Vulnerability_Info@cisa.dhs.gov>
Subject: Requesting Cyber Hygiene Services – SLCGP for (school district here)CISA,
We as the <school district here> would like to request Cyber Hygiene and Web Application Scanning services as required by the SLCGP grant. We look forward to participating in this wonderful program.
Then fill out and submit these froms when they reply with a ticket for your request
FAQ on signup
Cyber Hygiene scan Application:
Cyber Assessment Form:
Web Application Scanning form Info
Fact Sheet:
Application:
Sample report from Web App Scanning: