skip to main content

H.R. 3138: State and Local Cybersecurity Improvement Act


We don’t have a summary available yet.

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress, and was published on Jun 1, 2021.


State and Local Cybersecurity Improvement Act

This bill requires the Cybersecurity and Infrastructure Security Agency (CISA) to establish the State and Local Cybersecurity Grant Program to address cybersecurity risks and threats to the information systems of state, local, or tribal organizations.

Eligible grant applicants (i.e., states and certain Indian tribes) must submit a cybersecurity plan—to be approved by CISA as a condition of disbursement—that describes how the applicant will use the funds to address cybersecurity risks and threats to their information systems. Grant funds must be used to implement, develop, or revise the applicant's cybersecurity plan or to assist with activities that address imminent cybersecurity risks or threats.

CISA must establish a State and Local Cybersecurity Resilience Committee to provide state, local, and tribal stakeholder expertise, situational awareness, and recommendations to CISA on how to address cybersecurity risks and threats.

CISA must develop and maintain a resource guide for state, local, tribal, and territorial government officials to assist with identifying, preparing for, detecting, protecting against, responding to, and recovering from cybersecurity risks, threats, and incidents. In addition, CISA must develop and make publicly available a Homeland Security Strategy to Improve the Cybersecurity of State, Local, Tribal, and Territorial Governments.

Finally, CISA must assess the feasibility of implementing a short-term rotational program to detail approved state, local, tribal, and territorial government employees to CISA in cyber workforce positions.