501 (c)(3) nonprofit organizations that are determined to be at high risk of attack due to their ideology, beliefs, or mission.

FFY2023, Congress appropriated $305 million for Urban Areas and Non-Urban Areas, split evenly between the two. Organizations are able to apply for up to $150,000 per location.

The FFY2023 Notice of Funding Opportunity (NOFO) for the Nonprofit Security Grant Program was released on February 27, 2023. Submission deadlines are determined by each State Administrative Agency. We expect New Jersey's application cycle to open on March 1, 2023, and close on March 31, 2023, and sub-grantee awards are anticipated to be announced in late summer/early fall.

You will need to access the NJOHSP submission portal, fill out questions and upload your mission statement, Investment Justification (IJ), Vulnerability Risk Assessment (VRA), and other supporting documents.

Note: For the federal NSGP, organizations in Monmouth and Greater Middlesex counties must APPLY as NSGP-UA in the Jersey City/Newark urban area.

This is a reimbursement grant. If your organization is awarded a grant, you will have to advance funds for items and services purchased and submit proof of installation or execution and payment in order to be reimbursed.

Allowable costs are focused on security-related activities. Funding can be used for contracted security personnel, as well as security-related planning, training, exercises, and the acquisition and installation of cybersecurity enhancements and security equipment on property owned or leased by the nonprofit organization at the time of application.

Examples include:

• Equipment: Those items listed in the Authorized Equipment List as allowable under the NSGP.
• Contracted Security Personnel: Contracted security professionals as allowable under the NSGP.
• Planning: Activities related to the development of plans such as: Security Risk Management Plans; Continuity of Operations Plans; and Response Plans.
• Training: Security training for employees or members of the organization.
• Response exercises: All exercises must be pre-approved by the NJOHSP Training Bureau and Homeland Security Exercise and Evaluation Program (HSEEP)-compliant. Please contact the NJOHSP Training Bureau for more information.

Yes. Here are some examples of restrictions on expenditures:

• Reimbursement of pre-award grant and security expenses
• License plate readers
• Weapons and/or weapons training
• Facial recognition software
• General expenses, salaries, overtime
• Knox boxes
• Proof-of-concept initiatives/studies
• Costs associated with permits
• Architectural fees related to projects
• Equipment produced by Huawei Technologies Company or ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities).
  • Examples of the types of products covered by this prohibition include phones, internet, video surveillance, and cloud servers when produced, provided, or used by an entity owned or controlled by, or otherwise connected to, the People’s Republic of China. 

No, only one nonprofit can apply per building/facility/physical structure/address. Multiple requests for federal assistance will all be deemed ineligible.

Organizations may apply for a single location or multiple locations for the same 501 (c)(3) nonprofit.

Single Location

A nonprofit with one site may apply for up to $150,000 for that site.

Single Location with Multiple Facilities

A nonprofit with one site and multiple facilities at one physical address may apply for up to $150,000 for that site. Only one VRA and IJ are required but both the VRA and IJ must address the multiple facilities and their unique needs.

Multiple Locations

Nonprofits with multiple sites (multiple locations/physical addresses) may choose to apply for additional sites at up to $150,000 per site for a maximum of three sites, not to exceed $450,000. A VRA and IJ are required for each site.

1. Applications will be scored by NJOHSP.
2. NJOHSP will submit a list of IJs with all scores to FEMA.
3. FEMA will review the applications.
• In the final scoring process, organizations that are at risk due to their ideology, beliefs, or mission are prioritized.
• Additionally, organizations that have never received federal NSGP funding and/or that are located in an underrepresented/underserved community based on the Centers for Disease Control and Prevention's (CDC) Social Vulnerability Index receive additional points applied by FEMA in the scoring process.
4. Based on the process described above, FEMA will make funding recommendations to the Secretary of Homeland Security.
5. All final funding determinations will be made by the Secretary of Homeland Security, who retains the discretion to consider other factors and information in addition to FEMA’s funding recommendations.

The reviewers score IJs using the NSGP Scoring Matrix. Before you submit your grant package, it is good practice to review your IJ using the scoring matrix to have the best chance to obtain the maximum number of points.

Bonus points may be given for:

• First-time grantee bonus: Applicants that have not received NSGP funding in the past will receive an additional fifteen (15) bonus points to their total state application score.
• Mission-based bonus: To calculate an application's final score, the sum of the applicant's state score and the average of the two federal reviewers' scores will be multiplied by a factor of three (3) for nonprofit groups that are at a high risk of terrorist attacks due to their ideology, beliefs or mission, by a factor of two (2) for medical and educational institutions, and by a factor of one (1) for all others.
• Underserved communities: Nonprofit organizations located within an underserved community will have up to fifteen (15) points added to their project review score. Organizations located in an area with a high (0.69 – 0.79) or very high (0.8 – 1) CDC Social Vulnerability Index (SVI) score will have 10 or 15 bonus points added to final scores, respectively. Points will be assigned by FEMA.

Process for creating the final score:

1. State score (max 40) + Federal score (max 40) = IJ score
2. Mission-based Multipliers of 3, 2, or 1 applied to IJ score
3. First-time grantee bonus applied (15 points) 
4. Underserved community bonus applied (0 or 10 or 15 points)

The period of performance is the length of time that subrecipients have to implement their project(s), accomplish all goals, and expend all grant funding. The period of performance for the federal NSGP is 36 months.

Projected Period of Performance Start Date: 09/01/2023
Projected Period of Performance End Date: 08/31/2026 

A Unique Entity Identifier (UEI) is a 12-character alphanumeric identifier assigned to an entity by the System for Award Management, SAM.gov. As of April 4, 2022, Data Universal Numbering System (DUNS) numbers are no longer valid and all organizations applying for the federal NSGP grant MUST have a UEI number. Obtaining a UEI does not cost anything; it is free of charge.

For the FFY2023 NSGP, nonprofit organizations are not required to have a UEI issued at the time of application but MUST have a valid UEI to be eligible to receive funding. 

Note: If you receive an award but are ineligible to receive the funds you are no longer considered a first-time awardee and may not receive bonus points for future grant cycles.

How do I obtain a UEI for my organization?

Determine whether your organization was previously assigned a DUNS number when applying for federal assistance.

• If your organization was previously assigned a DUNS Number, it has been replaced by a new UEI value. Login to sam.gov to check your new UEl.
• If your organization has not previously applied for federal assistance, you will automatically be assigned a UEl when registering on sam.gov.

Watch this video to learn how to get a Unique Entity ID without needing to complete an entity registration on SAM.gov.

NSGP-UA (Urban Area) provides funding to nonprofit organizations located within an Urban Area Security Initiative (UASI)-designated high-risk urban area. NSGP-S (State) provides funding for nonprofit organizations located outside of UASI-designated high-risk urban areas.

A Vulnerability Risk Assessment (VRA) is an evaluation that identifies threats and hazards based on previous incidents and other intelligence sources. The assessment will list observations about your vulnerabilities related to planning, training, exercises, contracted security personnel, cybersecurity, and security equipment investments to mitigate your vulnerabilities and help make your facilities more secure. 

For the federal NSGP, a VRA must be conducted within 2-3 years of an organization's grant submission date. If substantial changes have been made to your facility since your last VRA or if you are requesting items not listed in your VRA, your organization will need to have your VRA updated or conduct a new assessment.

For more information, visit our security assessments page.

To schedule a VRA:

• Contact Federation's Director of Security Initiatives.
• Contact the Risk Mitigation Planner or Counter-Terrorism Coordinator at your County Prosecutor's Office.
• Contact NJOHSP.
• Reach out to your local or state law enforcement agency.
• Use a private vendor.

Note: Organizations are also allowed to submit self-assessments. Best practice is to have a security or law enforcement professional review all self-assessments. Please see below for a list of self-assessment tools.

The Investment Justification (IJ) is a fillable template provided and required by FEMA that asks nonprofits to describe the organization, risks/threats to the organization, and proposed projects/activities to mitigate security deficiencies (as identified in the vulnerability risk assessment) utilizing NSGP funding.

The IJ is subject to change each fiscal year, and prior years’ templates will not be accepted. Only use the form for the current fiscal year.

Note: This is the only document from the grant package that is forwarded by NJOHSP to DHS/FEMA.

Click here for the current IJ.

There are a number of things that constitute a strong IJ. Some of the most important elements include:

• Clearly identified risks, including threats, vulnerabilities, and consequences.
• Describe any threats (e.g., verbal threats, vandalization) made against the organization that prove you are at a high risk of a terrorist or other extremist attack.
• Describe current events with specific attention to incidents impacting organizations that have been targeted due to a similar mission, belief, or ideology.
  • The applicant should make the connection that they are at risk for the same reasons.
  • Local crimes such as burglary, theft, or vandalism without a terrorism, extremism, or hate-related nexus may provide context justification for NSGP funding.
• Provide information on the current threat environment.
• Description of findings from a vulnerability assessment.
• Describe any incidents that have occurred at your facility including description, dates, etc.
• A brief description of any supporting documentation (such as police reports or photographs) that is submitted as part of the application, if applicable.
• Explanation of how the investments proposed will mitigate or address the vulnerabilities identified in the submitted vulnerability assessment.
• All proposed activities are allowable costs per the current NSGP funding notice.
• Realistic milestones that consider the Environmental Planning and Historic Preservation (EHP) review process.
• Description of the project manager(s) and level of experience.

For more information, read the IJ Checklist.

Contracted security personnel are allowed under the grant program as described in the Notice of Funding Opportunity (NOFO) and the accompanying appendix C in the Preparedness Grants Manual. 

Things to note:

• The nonprofit organization may not use more than 50% of its award to pay for security personnel.
  • Please direct any questions about the personnel cap to NJOHSP.
• The nonprofit organization must be able to sustain this capability in future years without NSGP funding, and a sustainment plan will be required as part of the closeout package for any award funding this capability. 
• Contracted security costs described in the IJ should include the hourly/daily rate, the number of personnel, and anticipated number of hours/days the personnel will work over the course of the period of performance. 
• NSGP funds may not be used to purchase equipment for contracted security. 
• This funding is exclusively for the hiring of security personnel. It may not be used to supplant expenses for current security personnel but may be used to supplement additional security personnel needs based on identified risk.

The NSGP will cover activities directly related to the management and administration (M&A) of the award, such as meeting the financial management and monitoring requirements of the grant. 

To be considered for reimbursement, M&A costs must be included in the Target Hardening section of your Investment Justification and limited to up to 5% of the total award. M&A may not be used for operational costs such as vendor or contractor project management.

Examples of M&A include:

• Preparing and submitting required programmatic and financial reports.
• Establishing and/or maintaining equipment inventory.
• Documenting operational and equipment expenditures for financial accounting purposes.
• Responding to official informational requests from state and federal oversight authorities. 

It is good practice to check the references of those offering to administer your grant.

Note: NJ regulations require three bids for any project over $1000, including M&A contractors.

Yes. Here are examples of some expenditures:

• SaaS (Software as a service)
• Remote authentication
• Encryption software for protecting stored data files or email messages
• Malware/anti-virus protection
• Firewalls
• Intrusion detection and prevention

See the Authorized Equipment List for a full list of allowable costs.

Note: Subscription fees can only cover the period of performance, which is 3 years.

Any item included in your facility hardening plan must have a parallel vulnerability in your Vulnerability Risk Assessment (VRA) – including cybersecurity measures.