General Information

• https://www.michigan.gov/dtmb/services/cybersecurity/cyber-partners/state-and-local-cybersecurity-grant-program

• https://www.cisa.gov/cybergrants/slcgp

• Federal Cybersecurity grant with multiple (4) goals. Intention was for states to apply for the grant and States handle directly with recipients.

  • 2024 moved to a subgrant process in ~February due to lawyers getting involved at the state level. They said the state offering services directly was too risky and that a subgrant process was needed.

  • MSP is the grant administrator now (Michigan State Police).

• Funding cycle 2022 to 2026

  • First round goals are narrowed down to EDR and Cybersecurity assessments

  • First round grant winners (based on criteria)(see district inventory sheet): https://drive.google.com/drive/u/0/folders/1dNgyTENE26MKNkUGdI0qSHgmBIP2BDPm

  • As of Aug 2024 districts are at: Obtain AAF approval and some are at Select Vendor and initiate procurement process on the SLCGP Quick Reference PDF

• SLCGP Quick Reference PDF (Its in the google folder above) which contains all the steps and related dates: https://drive.google.com/file/d/1PPIkOnaJI_PbEn7xeKETfU_ZVJgaKzgM/view

• Deadlines so far

  • FY 2022 SLCGP Grant agreements and attachments are due to MSP/EMHSD by September 10, 2024

  • Recommend submission of AAF for EDR Projects by September 1, 2024

Contact Information

• Patrick Blake - blakep1@michigan.gov  - SLCGP Coordinator

• Amanda Lung - LungA@michigan.gov - Financial Questions

• Deborah Bracy - BracyD@michigan.gov - Procurement & Audit Questions

• General Mailbox - EMD_HSGP@michigan.gov

• Michelle McClish – McClishM@michigan.gov - Cyber Program Manager

• SLCGP Mailbox - DTMB-CIP-SLCGP@michigan.gov

SLCGP Procurement Process

• We will reach out to MiSecure for each district and obtain licensing based on the actual count of machines per districts (see MiSecure Wiki) /wiki/spaces/NET/pages/690749459

• All district counts are completed and recorded in the sheet linked below under the Totals tab (in the column highlighted in green) → https://docs.google.com/spreadsheets/d/1md64A6DkW80w6oPW5VoWhCJ7er6_Nk-bi9N2rOtFZYU/edit?gid=260014243#gid=260014243

• We will send an email to MiSecure contacts (including the director) with an email listing a request for a quote for each district, the total requested and the product being Crowdstrike Falcon Complete 2y license agreement.

  • Ensure that for each request they understand the quotes are to be made out to each district with that districts contact information/address/business office email and superintendent email.

  • This information is recorded on an alternate wiki page at this link and section (the Google Sheet): /wiki/spaces/DSI/pages/15434477

  • Have them bcc support@remc1.net with each quote and then merge their quote response into each SLCGP procurement ticket for each agency.

SLCGP Additional Requirements

• Must participate in the Nationwide Cybersecurity Review (NCSR) https://www.cisecurity.org/ms-isac/services/ncsr

  • It opens October through February.

  • All FY 2022 SLCGP subrecipients are required to complete the National Cybersecurity Review (NCSR) assessment each year of your grant performance period. 

  • An NCSR can be performed for a group of entities as long as we list all entities on the applicable form area. This means that if all our entities follow our same standards we can perform on NCSR for all SLCGP recipients.

  • PLEASE READ the specific NCSR Guidance here:

    • Please continue to submit the completion certificates to EMD_HSGP@michigan.gov  and for tracking and documentation purposes, and we the suggested due date is December 31, 2024.

       

      Below are some important reminders for consideration around the NCSR participation timeline:

    • Although MSP EMHSD has a suggested internal deadline of December 31, 2024, the assessment will remain open until February 28, 2025 for compliance purposes.

    • Participants must register at the website https://www.cisecurity.org/ms-isac/services/ncsr/ . Emailed requests for registration will not be considered.

    • For consistency purposes, MS-ISAC will not be able to change the name of an organization that has previously participated.

    • A participant is not required to send their entire assessment and responses to MSP-EMHSD, as their NCSR data is confidential.

    • IT or security contacts are encouraged to complete the NCSR rather than grant managers as the NCSR is an IT assessment.

    • An NCSR submission can cover multiple entities who receive HSGP funding. Participants should enter all “Legal Agency Names” within the appropriate question to account for all entities covered under the submission.

    • Once the 2024 NCSR officially closes, the aggregated data is used in a Summary Report that is designed to measure the gaps and capabilities of SLTT governments’ cybersecurity programs. The following page includes additional information on the NCSR: https://www.cisecurity.org/ms-isac/services/ncsr/ .

       

      For additional questions or assistance, please email NCSR@cisecurity.org.

• Must sign up for CISA Vulnerability Scanning Services and ALSO request interest in Web Application Scanning.

  • To: Vulnerability_Info <Vulnerability_Info@cisa.dhs.gov>
    Subject: Requesting Cyber Hygiene Services – SLCGP for (school district here)

    CISA,

    We as the <school district here> would like to request Cyber Hygiene and Web Application Scanning services as required by the SLCGP grant. We look forward to participating in this wonderful program.

  • Then fill out and submit these froms when they reply with a ticket for your request

    • FAQ on signup

    • Cyber Hygiene scan Application:

    • Cyber Assessment Form:

  • Web Application Scanning form Info

    • Fact Sheet:

    • Application:

    • Sample report from Web App Scanning: