Tribal Cybersecurity Grant Program Fact Sheet

In Fiscal Year (FY) 2025, the Department of Homeland Security (DHS) is announcing the Tribal Cybersecurity Grant Program’s (TCGP) second round of funding, which will provide approximately $12.1 million to address cybersecurity risks and cybersecurity threats to information systems owned or operated by Tribal governments.

Overview

This program enables DHS to provide targeted cybersecurity resources in Tribal governments, thus improving the security of critical infrastructure and improving the resilience of the services Tribal governments provide their members. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Emergency Management Agency (FEMA) are jointly managing the TCGP. DHS respects the sovereignty and self-determination of Tribal governments and recognizes the intent of Congress to allow them to meet cybersecurity needs across Indian Country through the TCGP. The framework of the program was made with input from nation-to-nation consultation with tribal representatives across the country and is intended to support tribal cybersecurity resilience. 

Program Goal and Objectives

The goal of TCGP is to assist Tribal governments with managing and reducing systemic cyber risk. This goal can be achieved by implementing or revising Cybersecurity Plans, priorities, projects, and addressing the program’s objectives. CISA developed four overarching objectives for the TCGP based on the consideration of national priorities, frameworks, and the national cyber threat environment: 

1. Implement cyber governance and planning;
2. Assess and evaluate systems and capabilities;
3. Mitigate prioritized issues; and
4. Build a cybersecurity workforce.

FY 2025 tribal applicants are limited to applying for the investment/objective number and federal amount included in Section 3 of the TCGP Notice of Funding Opportunity (NOFO). Applicants should refer to the CISA.gov website for more information on TCGP program goals, objectives, sub-objectives, and desired outcomes required in their FY 2025 TCGP application.

Funding

In FY 2025, $12.1 million is available for awards under the TCGP, FEMA and CISA combined available funding from FY 2024 and FY 2025.  The funding for the TCGP for FY 2024 and FY 2025 is $9,142,996 and $3,021,975 respectively.

For the Fiscal Year 2022/2023 TCGP award cycle, CISA and FEMA created a discretionary allocation structure based on Tribal populations that elicited extensive interest from Tribal governments (e.g., 73 Tribal governments submitted applications for funding exceeding $100 million, far exceeding the available roughly $18 million). The statutory authorization for the TCGP expires on September 30, 2025, after which no new awards can be made. Insufficient time now remains to solicit and receive competitive applications, conduct review panels to evaluate, score and rank applications, and make awards, prior to the September 30th deadline. 

Therefore, CISA and FEMA will allocate the remaining $12,164,971 of Fiscal Year 2024/2025 TCGP funding to make additional awards, to fund meritorious Tribal applicant projects which did not receive funding during the Fiscal Year 2022/2023 award cycle. This decision is consistent with and reflects extensive feedback from tribal governments after nation-to-nation consultations (August 2022, November 2023 and September 2024). Final allocation amounts will be determined after the Application Deadline date of August 15, 2025. Applicants will be notified of the final allocation amounts after the Application Deadline. Additional information is available in the FY 2025 TCGP NOFO Section 3. “Program Description”.

Eligibility

The only eligible Tribal applicants are those listed in Section 3 of the FY 2025 Tribal Cybersecurity Grant Program Notice of Funding Opportunity, “FY 2025 TCGP Applicants, Investments and Allocations Chart” and applications are limited to only those investments/objectives listed in Section 3. Applicants must be a Tribal government that is eligible for the program. “Tribal government” is defined at Section 2220A(a)(7) of the Homeland Security Act of 2002 (codified as amended at 6 U.S.C. § 665g(a)(7)) as the recognized governing body of any Indian or Alaska Native Tribe, band, nation, pueblo, village, community, component band, or component reservation, that is individually identified (including parenthetically) in the most recent published list of Federally Recognized Tribes. 

Funding Guidelines

Cybersecurity Planning Committee and Cybersecurity Plan Requirements

Each Tribal government is required to establish a Cybersecurity Planning Committee that coordinates, implements, and approves a Cybersecurity Plan. An existing Tribal Council/Governing Body that includes 1) a grants administration office representative, and 2) a designated Chief Information Officer (CIO), Chief Information Security Officer (CISO), or equivalent official to the CIO or CISO with expertise in Information Technology (IT) may be used to meet the Committee requirement.

Cybersecurity Plans are meant to guide implementation of cybersecurity capabilities within the Tribal government. The Cybersecurity Planning Committee is responsible for approving the Cybersecurity Plan and prioritizing individual projects. Applicants can download the TCGP Cybersecurity Plan Template from Grants.gov. The template is an optional tool for applicants to use to revise and submit their Cybersecurity Plans to ensure they meet all the required statutory elements. CISA is available to provide technical assistance to Tribal governments on Cybersecurity Plan implementation.

CISA considers Cybersecurity Plans to be living, strategic documents. If any changes need to be made to a plan after submission, Tribal governments may work with CISA to update their plan.

Cost Share or Matching Requirements

Eligible applicants must agree to make available non-federal funds to carry out a TCGP award in an amount not less than 40% of the total project costs (federal award amount plus cost share amount, rounded to the nearest whole dollar). The cost share for the multi-entity projects is 30% for FY 2025.

The Secretary of Homeland Security (or designee) may waive or modify the non-federal share for an individual entity if the entity demonstrates economic hardship. However, DHS is not able to provide additional funds even if it does grant a cost share waiver. All Cost Share Waiver requests must be submitted post-award by the eligible entity by emailing the request and supporting documentation to FEMA-TCGP@fema.dhs.gov. 

Performance Measures

Performance measures are data used to gauge program performance. The FY 2025 NOFO contains a list of performance measures, some of which overlap with the best practices, that applicants are encouraged to consider when evaluating their program performance. Referencing these measures will help applicants ensure their projects are meeting CISA standards for improving cybersecurity posture.

Application Process

Applying for an award under the TCGP is a multi-step process. In order to apply for a grant award, an applicant must have a Unique Entity Identifier (UEI), Employer Identification Number (EIN), an active System for Award Management (SAM) registration, a Grants.gov account, and a FEMA Grants Outcomes (GO) account. Submit the complete application in FEMA GO using the TCGP FEMA GO Application Process (copies can be obtained by emailing FEMA-TCGP@fema.dhs.gov. 

There are no program-specific required documents required at the time of application. All program-specific required documents, forms, and, information will be required from recipients post award and can be found in Appendix A of the Notice of Funding Opportunity. The following forms or information are required to be submitted via FEMA GO. The Standard Forms (SF) are also available at Forms | Grants.gov. 

• SF-424, Application for Federal Assistance
• Grants.gov Lobbying Form, Certification Regarding Lobbying
• SF-424B, Standard Assurances (Non-Construction)
• SF-LLL, Disclosure of Lobbying Activities

Applicants are encouraged to register early in the SAM, UEI, and FEMA GO system, as the registration process can take four weeks or more to complete. Registration should be done in sufficient time to ensure it does not impact an applicant’s ability to meet the required submission deadline. Please refer to Section 5. “Submission Requirements and Deadlines” in the FY 2025 TCGP Notice of Funding Opportunity for detailed information and instructions.

All application materials will be posted on Grants.gov. Eligible applicants must submit their application through the FEMA GO system. Applicants needing technical support with FEMA GO should contact FEMAGO@fema.dhs.gov or call the FEMA GO Help Desk at 1-877-585-3242, Monday – Friday from 9:00 AM – 6:00 PM ET.

Completed applications must be submitted in the FEMA GO system no later than 5:00 PM ET on August 15, 2025. 

Period of Performance Extension Requests

Extensions to the FY 2025 TCGP period of performance for this program are not allowed.

TCGP Resources

There are a variety of resources available to address programmatic, technical, and financial questions, which can assist with TCGP applications:

• The FY 2025 TCGP NOFO Is located online at Grants.gov.
• For additional grants management and application information, please email FEMA-TCGP@fema.dhs.gov. You may also contact your Preparedness Officer.
• For support regarding financial grants management and budgetary technical assistance, applicants may contact the FEMA Award Administration Help Desk, via email at ASK-GMD@fema.dhs.gov.
• For support regarding programmatic elements and technical assistance related to cybersecurity planning and project development applicants may contact CISA via TCGPinfo@mail.cisa.dhs.gov. For regional contact information, please visit cisa.gov/about/regions.