Rethinking the Role of Compliance

Where to Find Federal Funding for Compliance Modernization

With billions of federal dollars flowing into state and local agencies, there has never been a better time to invest in a cybersecurity program that can meet current threat management challenges; adhere to increasingly complex compliance obligations; and strengthen risk mitigation over the long-term.

Federal agencies, state and local governments are under significant pressure to achieve, maintain, and demonstrate real-time compliance with continuously emerging standards, frameworks, and mandates like FedRAMP, StateRAMP, Zero Trust, HIPAA, and NIST 800-53, among others. Qmulos is helping its customers tap into several sources of funding and transition from costly and time-consuming legacy compliance practices to real-time compliance automation that is aligned with modern cybersecurity risk management. 

For state & local governments, The American Rescue Plan Act (ARPA) and the State and Local Cybersecurity Grant Program (SLCGP) provide billions in federal aid that can be used to make cybersecurity investments, like leveraging big-data analytics and real-time insights to prove compliance across all major frameworks and strategies. For agencies The Technology Modernization Fund (TMF),  which we recently posted about here, is a third and vital program to help federal civilian agencies enhance cybersecurity across government networks.

Below are some additional details about each fund’s cybersecurity priorities and why projects like real-time compliance automation that can proactively mitigate cyber threats are eligible for investment.

ARPA has made $350 billion in funding available through the Coronavirus State and Local Fiscal Recovery Fund (CSLFRF) for cybersecurity investments. The allocation breakdown is as follows:

  • $195 billion to states
  • $65 billion to counties
  • Nearly $46 billion to cities
  • $20 billion to tribal governments
  • $4.5 billion to territorial governments
  • $19.5 billion to non-entitlement units of local government,
    which includes cities, towns, townships, villages and other types of local government

Only a portion has been allocated to cybersecurity to date, ~ $53 million. To see how other cities and counties are using their ARPA state dollars for IT  infrastructure modernization visit: The Local Government ARPA Investment Tracker

Using ARPA Funds for Compliance Modernization

State and local governments can access this aid for data and technology infrastructure improvements to enhance cybersecurity. The Treasury says recipients can use this aid for the “modernization of cybersecurity, including hardware, software and protection of critical infrastructure.”

Funds must be obligated by Dec. 31, 2024, however states and localities have until Dec. 31, 2026 to spend the aid.

Another massive funding program, the State and Local Cybersecurity Grant Program, received $1 billion in funding to help state and local governments strengthen their security infrastructure. SLCGP is part of the broader Infrastructure Investment and Jobs Act which includes a total of $1.9 billion in funding for cybersecurity across several programs and industries.

The bill also:

  • incorporates the Cyber Response and Recovery Act of 2021, which authorizes $20 million over the next seven years to help state and local governments protect their infrastructure and IT assets from cyber threats.
  • establishes a Cyber Response and Recovery Fund that authorizes $100 million over the next five years to help both federal and non-federal entities effectively respond after a security incident involving critical infrastructure

Using SLCGP Funds for Compliance Modernization 

State and local governments can use the funding to address cybersecurity risks and cybersecurity threats to their information systems. Government agencies will need to present a comprehensive cybersecurity plan to be approved for this aid. These plans must detail how state and local entities will maintain cybersecurity, and leverage applicable security programs within the Department of Homeland Security, such as vulnerability testing and ongoing security assessments

The application process opened in 2022 and the funds will be distributed over a four year period, with $400M available this year in 2023, $300M in 2024 and $100M in 2025.

For federal agencies, Qmulos is helping its customers meet new – and binding – vulnerability detection requirements through the Technology Modernization Fund (TMF). TMF is an investment program that loans funding to federal agencies to address urgent IT modernization challenges. 

Using TMF Funds for Compliance Modernization 

The goal of the fund is to aid all agencies, no matter what size, in accelerating information technology-related projects that will enhance cybersecurity and better secure sensitive Government systems. The Cybersecurity and Infrastructure Security Agency (CISA) issued a Binding Operational Directive (BOD) 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks, that directs federal civilian agencies to better account for what resides on their networks.

Agency leaders are strongly encouraged to submit project proposals to the Technology Modernization Board through a two-step process and make use of TMF funding. Qmulos can help support TMF proposal development and ensure the proper framework is in place to evolve the role of compliance from data collection to taking action on real-time information to protect operations.

Others have also read ...


Qmulos Enhances Q-Compliance Platform, Adds Support for CMMC Level 3 Requirements, NERC CIP, OSCAL Interoperability, NIST 800-53 Rev. 5 Migration Capabilities, and Creates Technical Add-Ons for OpenShift and Microsoft Azure

Qmulos announced significant updates to its flagship compliance automation platform, Q-Compliance. Q-Compliance V4.5.0, now generally available, features added support for the recently released CMMC level 3 compliance requirements; NERC CIP support for North American electric utility companies; and enhanced data migration capabilities to help security and risk management teams migrate NIST 800-53 rev. 4 objectives and results to rev. 5 objectives.

Read More »

Request a Demo

Learn how QMULOS can help your company grow by scheduling a demo with our team.