NSGP-funded security install: a step-by-step playbook

NSGP-funded security install: a step-by-step playbook for nonprofits

FEMA's Nonprofit Security Grant Program (NSGP) reimburses eligible 501(c)(3) organizations up to $200,000 per site (NSGP-S and NSGP-UA combined under the FY24 NOFO) for target-hardening security work. The path from interest to install runs in seven phases: eligibility check, threat narrative, site vulnerability assessment, scope and budget, application support through the State Administrative Agency, post-award procurement and install, then close-out documentation. The clock that matters is the State deadline, which usually lands two to four weeks before the federal due date.

Why NSGP rewards preparation, not optimism

FEMA's Nonprofit Security Grant Program is competitive. The FY23 cycle drew over 6,000 applications against roughly 2,000 awards. The applicants that win are usually the ones with a documented threat narrative, a clean vulnerability assessment, and a budget that maps tightly to FEMA's Authorized Equipment List.

The applicants that lose tend to share three problems: a generic threat narrative without citations, a budget that exceeds the per-site cap or includes ineligible items, and a missed State deadline. Each is preventable. Every step below protects the application from one of these failure modes.

This playbook is for the executive director, board chair, or operations lead asked to "look into the grant." It's not legal or grant-writing advice. It's the install side of the application, written by the integrator who builds the scope.

Phase 1: Confirm eligibility under the current FEMA NOFO

Read FEMA's Notice of Funding Opportunity for the current fiscal year first. Eligibility is narrow: 501(c)(3) status, designation by the State Administrative Agency, and demonstrated risk of a terrorist or targeted-violence attack. Houses of worship, religious schools, community centers, and cultural institutions are common applicants. Caps under the FY24 NOFO ran $200,000 per site for NSGP-S (state) and the same per site for NSGP-UA (urban area), combined. Confirm with your SAA which track applies and whether your county sits inside an urban area boundary.

Phase 2: Build the threat narrative with documented incidents

FEMA scoring leans hard on the Investment Justification (IJ) narrative. The IJ asks for documented threats specific to your organization: prior incidents on your property, threats received in writing or online, attacks on similar organizations in your region, and posted threats to your faith, ethnic, or community group. The reviewer wants citations, not feelings. Pull police reports, news articles, ADL or SPLC tracker entries, and internal incident logs. A threat narrative without dates and sources scores poorly. We help applicants assemble citations during the audit phase.

Phase 3: Run a vulnerability assessment against the IJ scoring rubric

FEMA wants a documented vulnerability assessment from a qualified security professional. The assessment maps current physical security against the threats in the IJ: perimeter, building exterior, lobby and entry control, interior gathering spaces, sanctuary or main hall, classroom or office areas, and parking. Each gap connects to a specific countermeasure (camera, access control, blast film, intrusion, mass-notification). Tec-Tel runs this as a free consultation plus a site walk. The deliverable is a written assessment your grant writer attaches verbatim to the IJ.

Phase 4: Build the scope and budget the State will actually fund

Eligible NSGP equipment categories are spelled out in the FEMA Authorized Equipment List (AEL). Cameras, access control, intrusion, exterior lighting, contract security, training, planning, and exercise costs are common allowables. Hard targets like blast-resistant film and door reinforcement are AEL-listed. Software-only purchases without a hardware tie are usually disallowed. Split the budget into equipment, install labor, and small contingency, with vendor quotes attached. Build to the cap, not above it. State reviewers reject budgets that look padded or exceed the per-site limit.

Phase 5: Submit through the State Administrative Agency on the State deadline

Most applicants miss that the State deadline is the deadline that matters, not FEMA's. The State Administrative Agency (in New York that's NYS DHSES, in California Cal OES, in New Jersey NJOHSP) collects, scores, and ranks applications, then forwards a state-prioritized list to FEMA. State deadlines run two to four weeks before the federal close. Late or incomplete submissions get cut at the State level before FEMA ever sees them. Plan to have IJ, vulnerability assessment, vendor quotes, and 501(c)(3) determination letter loaded into the State portal a full week before the State deadline.

Phase 6: Award announcement, EHP review, and procurement clearance

Awards are announced four to seven months after submission. After award, the Environmental and Historic Preservation (EHP) review is the next gate. Any exterior work or wall penetration triggers EHP, and procurement is blocked until the State signs off. EHP turnaround is two to eight weeks by State and scope. Once EHP clears, procurement can begin. The vendor on the awarded budget isn't automatically the vendor on the install. Some States require open-bid procurement for awards over a threshold. Tec-Tel works inside whatever procurement rule the State imposes, including bidding under sealed RFP.

Phase 7: Install, commission, and prepare close-out documentation

Performance period is typically 36 months from award, which sounds long until EHP and procurement eat the first six. Install runs to the scope on the awarded IJ. Substantive scope changes require a Grant Adjustment Notice. Tec-Tel builds the schedule around your worship, school, or program calendar so there's no disruption to services. Close-out documentation includes installed-equipment serial numbers, photos of each install, sign-off from a designated official, and a final financial report. Sub-recipients that mismanage close-out get flagged for the next cycle. Keep the paperwork tight from day one.

Frequent buyer questions

How much can our nonprofit actually receive under NSGP?

Under FEMA's FY24 NOFO, the per-site cap was $200,000 for NSGP-S (State) and $200,000 for NSGP-UA (Urban Area), and an organization can hold awards in both tracks if eligible. Multi-site organizations can apply for separate sites under the same application, each at its own cap. Verify the current FY's cap directly in the FEMA NOFO before scoping. Source: FEMA NSGP NOFO.

Who is eligible to apply for NSGP funding?

Applicants must be 501(c)(3) nonprofits and must be designated as eligible by their State Administrative Agency (SAA). The organization must demonstrate risk of a terrorist or targeted-violence attack through a documented threat assessment. Common applicants include houses of worship, religious schools, community centers, cultural institutions, and nonprofit hospitals. Public-sector entities, for-profits, and uncategorized 501s are not eligible. Confirm eligibility with your SAA before drafting an Investment Justification.

Do we have to pay for the install up front and get reimbursed?

Most States operate NSGP as a reimbursement program: the sub-recipient pays the vendor, then submits a request for reimbursement to the State. A few States allow direct billing or payment after invoice verification. Confirm the cash-flow rule with your SAA before signing a vendor contract. If your nonprofit can't float the cost, scope the install in phases that match your cash position. Camera and access-control installs can be phased across performance periods to manage cash.

What equipment qualifies under the Authorized Equipment List?

The FEMA Authorized Equipment List (AEL) governs what NSGP can buy. Allowable categories that come up most often include video surveillance (14CI-00-VIDA), access control (14CI-00-ACSE), intrusion detection, fencing and barriers, exterior lighting, blast-resistant film, training (such as active-shooter response drills), planning, and exercises. Software-only or services-only purchases without a hardware tie are typically disallowed. The AEL is updated periodically. Pull the current AEL from FEMA's website before finalizing scope.

How long does the whole NSGP cycle take, from interest to commissioned install?

Realistic end-to-end is 12 to 18 months. Application drafting and submission take 6 to 10 weeks. State scoring and FEMA review add 4 to 7 months. EHP review after award adds 2 to 8 weeks. Procurement and install run 2 to 6 months depending on scope. Performance period is 36 months from award, so there's room, but the first six months get eaten by EHP and procurement. Plan accordingly. Don't promise the board a fast turnaround.

Does Tec-Tel charge for the assessment if we don't get funded?

No. The free consultation and the on-site vulnerability walk are free, regardless of award outcome. The deliverable (a written vulnerability assessment your grant writer can attach to the IJ) is yours to keep. If your application is funded, we install. If it isn't, we'll help you re-scope for the next cycle or pursue alternative funding. NSGP often takes more than one cycle before a successful award. Persistence is part of this program.

Are the cameras and access control NDAA-compliant?

Yes. Federal grant rules under FAR 52.204-25 (NDAA Section 889) prohibit purchase of covered equipment from Hikvision, Dahua, Hytera, Huawei, ZTE, and their subsidiaries. Tec-Tel maintains an explicitly NDAA-compliant vendor matrix. Bills of materials for NSGP-funded projects are documented with each vendor's own 889 statement attached, and we exclude Hikvision, Dahua, and Lorex from any federal-grant-funded install. This protects your award from a clawback during the FEMA single audit.

Bring us your site list. We'll bring the IJ-ready vulnerability assessment.

A free working session plus on-site walk. The written assessment is yours to keep, funded or not.

Tell us how many sites you run and what's already in place. We'll show you what a build or upgrade looks like.

Straight answers from the team that does the work. We're platform-agnostic, so you get the system that fits your sites, not one brand's catalog.

Since 2010 · 1,000+ deployments nationwide · ISN-accredited

Talk to our team 855-577-0400