Good News: You Can Now Use SLCGP Grant Dollars for CIS Products and Services
If you've been wondering whether your SLCGP or TCGP grant funding could cover CIS Services, the answer is yes.
On June 16, 2026, FEMA issued Information Bulletin No. 565, clarifying that State and Local Cybersecurity Grant Program (SLCGP) and Tribal Cybersecurity Grant Program (TCGP) recipients can use grant funds to purchase CIS Services, as long as those services are purchased individually and follow federal procurement standards (2 C.F.R. §§ 200.317–200.327).
What This Means for You
This opens up a compliant path to fund products and services you may already rely on, like network monitoring and management, managed detection and response, managed security services, vulnerability scanning and penetration testing, malicious code analysis, and hardened system images.
Use of Grant Funding for Membership Membership
The Information Bulletin indicated 'membership fees' that include "bundled cybersecurity or technical services" are not appropriate for grant funding due to FEMA's "inability to determine if these costs are reasonable and allocable to these grants programs." CIS will be working with the MS-ISAC Interim Member Governance Board to discuss methods to ensure that FEMA grant funding can be used to purchase what is now bundled as MS-ISAC membership. Stay tuned for updates.
One note: this membership-fee restriction applies specifically to SLCGP and TCGP. If you're funded through HSGP or THSGP, check with your grant administrator before assuming the same rule applies to you.
To discuss which CIS Services your grant funding could cover, reach out to the MS-ISAC team at [email protected]
Also New: NCSR Requirement Removed
FEMA dropped the Nationwide Cybersecurity Review (NCSR) requirement for SLCGP, TCGP, the Homeland Security Grant Program (HSGP), and the Tribal Homeland Security Grant Program (THSGP) recipients. It is no longer required under prior Notices of Funding Opportunity. FEMA may introduce a replacement assessment down the road.
What Hasn’t Changed
- Federal procurement standards still apply to every grant-funded purchase (2 C.F.R. §§ 200.317–200.327).
- Pricing still needs to be itemized and transparent to make a purchase allowable, not the service itself.
- Cybersecurity spending is still an allowable, encouraged use of your grant funding.
What to Do Next
- Confirm your funding program. SLCGP, TCGP, HSGP, and THSGP each have their own rules. Be sure to confirm which applies to you before making decisions.
- Talk to procurement early. It will save you headaches later.
- Reach out to the MS-ISAC. Email [email protected] and wewill help you figure out which services your funding can cover
As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.