State, local cyber grant funding can’t be used on ‘bundled’ services from membership groups, FEMA clarifies
The Federal Emergency Management Agency has clarified its rules for how state and local governments may use funding from the State and Local Cybersecurity Grant Program and the Tribal Cybersecurity Grant Program.
In a June 16 information bulletin, FEMA clarified rules created last year by the Department of Homeland Security prohibiting grant funds from being spent on services provided by the Multi-State Information Sharing and Analysis Center, a popular membership organization run by the Upstate New York nonprofit Center for Internet Security. Rather, the new bulletin notes, state and local governments are prohibited only from spending the federal cyber grant funds on “membership fees that include bundled cybersecurity or technical services,” because FEMA is unable to determine if “these costs are reasonable.”
“Membership fees in general have been subject to additional scrutiny for being allowable, reasonable, and allocable for FEMA awards,” the bulletin read. “Using SLCGP and TCGP grant funds to pay for membership in an organization that offers a broad suite of cybersecurity or other technical services is not allowable due to FEMA’s inability to correlate the cost of the membership with the cost of each service received.”
Read more at StateScoop