Fiscal Year 2025 Tribal Cybersecurity Grant Program

The Fiscal Year (FY) 2025 Tribal Cybersecurity Grant Program (TCGP), administered by the U.S. Department of Homeland Security (DHS) through the Federal Emergency Management Agency (FEMA), aims to support Tribal governments in enhancing their cybersecurity infrastructure and resilience. The program is part of a broader national strategy to address increasingly complex cyber threats posed by criminal groups and nation-state actors. Tribal, State, local, and territorial entities are essential partners in this defense, given their roles in enforcing laws, securing cyberspace, and protecting critical infrastructure. The TCGP is designed specifically to strengthen the cybersecurity posture of Tribal governments, improve the resilience of the services they provide, and protect their information systems. This funding opportunity is supported through appropriations from the Infrastructure Investment and Jobs Act (also referred to as the Bipartisan Infrastructure Law). A total of $12,164,971 is available under this NOFO for FY 2025. This funding represents a combined total from FY 2024 and FY 2025 and will be allocated to 18 previously identified Tribal governments whose projects were found meritorious in the FY 2022/2023 grant cycle but were not funded at that time. FEMA will inform eligible Tribal governments of their specific allocations and investments by August 4, 2025. Allocations range from $20,130 to $2,743,512 depending on the Tribe and project needs. Eligible applicants must be federally recognized Tribal governments explicitly listed in the NOFO’s allocation table. Sub-applicants and subawards are allowed, provided subrecipients are not foreign nationals or nonprofit/for-profit entities. Applicants must meet a cost-sharing requirement of 40% of total project costs for single-entity proposals and 30% for multi-entity proposals. However, cost share waivers may be requested post-award based on economic hardship and must include a justification narrative and documentation addressing unemployment, food assistance eligibility, or other public interest factors. Acceptable use of funds is limited to cybersecurity-related planning, organization, equipment, training, and exercises, as defined in Appendix E (POETE Solution Areas). Certain expenditures are explicitly prohibited, including construction, ransom payments, and cybersecurity insurance. The program emphasizes development or revision of a Cybersecurity Plan, establishment of a Cybersecurity Planning Committee, and alignment with Cybersecurity Performance Goals. Successful applications must detail proposed investments and activities using a standard Investment Justification (IJ) template and Project Worksheet (PW), along with detailed budget documentation. Applications will open on August 1, 2025, at 4:00 PM ET and close on August 15, 2025, at 5:00 PM ET. Final award announcements are expected on September 19, 2025, with the period of performance beginning on September 1, 2025, and ending on August 31, 2029. All applications must be submitted through FEMA’s online portal (FEMA GO). Required pre-registration steps include securing a UEI number, establishing a SAM.gov account, and creating a FEMA GO profile. No pre-applications or Letters of Intent are required. For inquiries, FEMA TCGP can be reached at FEMA-TCGP@fema.dhs.gov. For questions specific to programmatic requirements, the CISA Grant Program Office can be contacted at TCGPinfo@mail.cisa.dhs.gov. Additional technical assistance is available from the FEMA GO Helpdesk at femago@fema.dhs.gov or by phone at (877) 585-3242, Monday through Friday, 9:00 AM – 6:00 PM ET.

Use the FEMA draft PW as a base. Follow POETE alignment and submit only one application.