All state and local government entities are eligible to participate in the Whole-of-State Cybersecurity Plan. The Whole-of-State Plan provides shared cybersecurity solutions and funding to entities across Minnesota. Eligible public entities include:
Local entities interested in participating in the Whole-of-State Cybersecurity Plan must begin by following these steps:
After completing steps 1 and 2, the Cyber Navigator team will contact your organization to schedule a meeting. In that meeting, they will provide an overview, review roles and responsibilities, answer questions, and share the required program documentation. Once this is complete, MNIT will schedule a kick-off meeting and provide an entity-specific deployment timeline.
Goal 1: Mature cyber capabilities throughout the state.
Goal 2: Increase participation in programs and services known to work.
Goal 3: Collaborate and share information throughout the state.
Goal 4: Prepare and plan for cyber incidents by strengthening the cyber-resiliency of critical infrastructure.
The Whole-of-State Plan can be found here.
Through the Whole-of-State plan, participating entities have access to cost-efficient, sustainable, advanced cybersecurity tools and resources that are subsidized with federal and state funding.
By participating in the plan, your organization can:
The Nationwide Cybersecurity Review (NCSR) is a no-cost, anonymous, self-assessment offered to all states (and agencies), local governments (and departments), Tribal Nations, and territorial governments through the Center for Internet Security (CIS).
This is an excellent way to learn about your organizational baseline. The assessment is open from Oct. 1-Feb. 28 each year. All government partners are strongly encouraged to complete this assessment annually. Your organization can review NCSR information and register at Nationwide Cybersecurity Review (NCSR).
Through the Whole-of-State Plan, MNIT helps eligible entities strengthen their cyber resiliency and secure data that Minnesotans have entrusted to their organization. Funding for the Whole-of-State Plan comes from several sources, and used for two main programs:
Statewide Security Monitoring Initiative (SSMI): Eligible entities include Minnesota’s counties, port cities, and Tribal Nations. This has been funded through federal homeland security grants since 2012. The SSMI grant program was renewed for 2023 with $1.9 million of federal funds awarded to MNIT to deliver SSMI services to counties, port cities, and Tribal Nations.
State and Local Cybersecurity Grant Program (SLCGP): Eligible entities include cities, public schools, Tribal Nations, and government-affiliated critical infrastructure.
For four years (July 1, 2023 - June 30, 2027), the Whole-of-State Cybersecurity Plan will include $23.5 million through SLCGP funds. The funds are available to Minnesota through an annual application process and are designed to adjust annually based on a four-year program formula.
This grant program is not expected to be renewed by the federal government at the end of the four years and requires an increasing percentage of state matching funds each year to encourage state and local governments to develop sustainable funding for efforts that will last longer than the four-year SLCGP.
To drive sustainable program investments and to ensure programs are available to as many eligible entities as possible, the Cybersecurity Task Force might require participating entities to share the costs and benefits of security solutions and approved efforts in focus areas.
SLCGP funding includes:
Federal funds for SLCGP programs will be released in response to specific project requests that Minnesota makes to the federal government. These project requests must follow an application and agreement cycle with eligible local governments.
MNIT and the Minnesota Cybersecurity Task Force will submit project requests that align with the Cybersecurity Plan goals on a rolling basis as local entities submit requests and complete legal grant/service agreement documents.
In an effort to address additional concerns that Whole-of-State SLCGP survey respondents identified, MNIT is developing services for:
Both services are nearly at the rollout stage and will benefit a range of partners across the state.
MNIT will continue to work with our partners and the Cybersecurity Task Force to identify gaps and needs for additional cybersecurity efforts.
Minnesota is committed to ensuring the funding from the SLCGP grant program supports as many local government organizations as possible.
Federal law requires states to pass through at least 80% of the total funding to local governments through shared solutions/capabilities or a sub-grant process. MNIT has committed to pass through as much of the overall funding as possible, exceeding the 80% requirement.
In addition, at least 25% of Minnesota's total funding will be designated for rural areas, defined as communities with a population of less than 50,000 residents.
This funding is helping:
The federal grant requires MNIT to pass through solutions and/or funding no later than 45 days after FEMA and CISA release the funding to the state. Based on this requirement, MNIT and the Cybersecurity Task Force will submit funding requests monthly, as eligible entities complete the required grant program and work orders (service agreements).
We anticipate that many of these agreements will require action by boards, councils, or other elected bodies on behalf of the eligible organizations and may take days or weeks to gain proper approvals.
Submitting projects for funding release on a rolling basis will ensure that participating organizations' needs can be met as quickly as possible once approved and help Minnesota meet the 45-day passthrough requirement.
Local entities interested in participating in the Whole-of-State Cybersecurity Plan must begin by following these steps:
After completing steps 1 and 2, the Cyber Navigator team will contact your organization to schedule a meeting. In that meeting, they will provide an overview, review roles and responsibilities, answer questions, and share the required program documentation. Once this is complete, MNIT will schedule a kick-off meeting and provide an entity-specific deployment timeline.
Yes, but funding will be approved only for projects that align with the specific program goals set by the Cybersecurity Task Force. If your approved request includes a vendor different from the one that is part of the shared solution available through the plan, it will be subsidized at the same level of funding as the shared solution.
Eligible entities, such as local governments and K-12 schools, need to:
Our security experts will provide an implementation and configuration guide to help you onboard. In some cases, an IT provider may be needed to install and configure a solution. We will work with your existing provider to scope that work. If you do not have a provider, we will offer a program to assist you in foundational security work, including the implementation of MDR and other baseline security controls in a future project release.
Shared solutions offer a consistent product that is cost-effective, efficient, and brings value to eligible entities. We can negotiate a better statewide price for the benefit of all participants because of the scale of adoption. This approach has been proven to work in Minnesota with the SSMI program. Organizations that participated in SSMI’s shared solutions recognized significant cost savings compared to buying and managing their own solutions.
If an eligible entity in Minnesota prefers to choose and buy its own solution, they can apply for an SLCGP project. These project proposals will follow a sub-grant process that requires a grant application, project documentation, and quarterly updates on progress and success criteria results. To be considered by the task force, the proposed solution will need to meet the same criteria set by the task force for the shared solution core capabilities. Any alternate solutions funded through this program will be limited to the same subsidy level as entities choosing the shared solution receive. For example, if the shared solution costs $35/device and the cost share is $17/device, the subsidy amount for any qualifying solution will be limited to the difference of $18/device.
MNIT vulnerability management services are expected to be available in late 2024.
Local entities interested in participating in the Whole-of-State Cybersecurity Plan must begin by following these steps:
After completing steps 1 and 2, the Cyber Navigator team will contact your organization to schedule a meeting. In that meeting, they will provide an overview, review roles and responsibilities, answer questions, and share the required program documentation. Once this is complete, MNIT will schedule a kick-off meeting and provide an entity-specific deployment timeline.
Cyber Navigators lead communication efforts with eligible partner entities interested in Whole-of-State services. The Cyber Navigators meet with interested entities, discuss grant program details, and collect information needed to provide the work order and provision tools and services.
The Cyber Navigators manage the process at each stage and continue as a primary point of contact for entities participating in MNIT programs. They act as a liaison between MNIT and the eligible entities to enhance and strengthen organizational cybersecurity posture. They work with local government entities, vendors, as well as state and federal agencies, to answer questions and provide information.
Additionally, Cyber Navigators work closely with the Minnesota Fusion Center and federal agencies on range of cybersecurity topics and can connect entities to other local, state, and federal agencies.
Email the Cyber Navigators at CN.MNIT@state.mn.us to learn more about Whole-of-State Cybersecurity Plan or with any other questions.