RECEIVED NOV 262 2024 BY:. Pwndhuy ORIGINAL Board ofCommissioners Item Transmittal Form Agenda Procurement/Contratt Transmittal Form Rohficakwn Type ofc contract: 1yearx Multi-yearD Single Event D Contract #: BOCApproval! Date: Submission Information Contact Name: Margaret Moore Jackson Department: Technology Services Vendor Information Homeland Security. Agency Address: P.0. Box 18055 Address: Vendor Name: Georgia Emergency Management and Project Title: State and Local Cybersecurity Grant Program Acceptance Email: robin.chatmon@gema.ga.gov Phone #: 470-889-5190 Contact: Robin Chatmon Funding Account Number: 250-1535-334111-05 Contract amount: $69,650 $6,965 MATCH Contract' Type: Goods0) Services (x) Labor 0 Contract Action: New (x) Renewal0) Change Order0) 250-1535-531711-05 Term ofc contract: Oct. 1,2 2024- Sept. 30, 2025 Original Contract Number: approvedor processing. ichell Signature: Finance Director Signature Ihave reviewed the attached contract, and the amounti is Procurement Manager Signature Ihave reviewed the attached contract, andi itisi in compliance with Purchasing Policies of Rockdale County. fAcbee Date: Vyay /-7-Z025 Signature: 1heby Detailed Summary of Contract: $6,965MATCH Rockdale County Technology Services Department is requesting acceptance of the SLCGP Grant administered through GEMA/HS int the amount of $69,650. Grant funds will be used for cybersecurity projects that will help to enhance the County's systems and network infrastructure. These projects willl help to provide robust security and continuity of our systems. Department Head/Elected Official Signature: m4chfokn Date: /ap 262F-10 GRANT AGREEMENT FOR FISCAL YEAR 2022 STATE AND LOCAL CYBERSECURITY GRANT PROGRAM BETWEEN THE GEORGIA EMERGENCY MANAGEMENT AND HOMELAND SECURITY AGENCY AND Rockdale (county) GRANT NO: 27 GRANT TERMS AND CONDITIONS The United States Department ofHomeland Security's ("DHS") Federal Fiscal Year ("FY")2022 State and Local Cybersecurity Grant Program ("SLCGP") assists state, local, and territorial SLTgoverments with managing andi reducing systemic cyber risk. Through funding from the Infrastructure Investment and Jobs Act, also known as the Bipartisan Infrastructure Law, the SLCGP enables DHS to make targeted cybersecurity investments in SLT government agencies, thus improving the security of critical infrastructure and improving the resilience of the services This Grant Agreement ("Agreement") is made and entered into by and between the Georgia Emergency Management and Homeland Security Agency ("GEMA/HS"), an agency ofthe State ("Subrecipient'). GEMA/HS and the Subrecipient are sometimes referred to herein individually For the purposes of this Agreement, GEMA/HS serves as the pass-through entity for a Federal SLT governments provide to their communities. of Georgia ("State"), and as a "Party" or collectively, the "Parties". Rockdale (county) award, and the Subrecipient serves as the recipient ofas subaward. THIS AGREEMENT IS ENTERED INTO BASED ON THE. FOLLOWING REPRESENTATIONS: 2C.F.R. $200.92 states that a' "subaward may be provided through any form ofl legal agreement, As defined by 2 C.F.R. $200.74, pass-through entity" means "a non-Federal entity that provides As defined by 2 C.F.R. $200.93, "Subrecipient" means "a non-Federal entity that receives a As defined by 2 C.F.R. $200.38, "Federal award" means "Federal financial assistance that ai non- Federal entity receives directly from a Federal awarding agency or indirectly from aj pass-through As defined by 2 C.F.R. $200.92, "subaward" means "an award provided by aj pass-through entity to a Subrecipient for the Subrecipient to carry out part of a Federal award received by the THEREFORE, DIVISION AND SUBRECIPIENT AGREE TOTHE FOLLOWING: including an agreement that thej pass-through entity considers a contract." a subaward to a Subrecipient to carry out part ofal Federal program." subaward from aj pass-through entity to carry out part ofal Federal program." entity." passthrough entity." I. PERIOD OF PERFORMANCE. The Parties hereby agree as follows: This Agreement shall become effective on the Projected State and Local Cybersecurity Grant Program Subrecipient. Agreement FY22 Page 2 of43 Start Date and shall continue through the Projected. End Date listed below. Projected Period ofPerformance Start Date(s): October 1, 2024 Projected Period of Performance End Date(s): September 30, 2025 No modifications to the Budget Cost Lines can be made after the termination date, GEMA/HS will maintain overall responsibility and accountability to the federal government for the duration of the program. GEMA/HS, as t h e Recipient, has awarded the as the Subrecipient, in accordance with the Fiscal Year 2022 State and Local Cybersecurity Grant Program. Subrecipient shall meet a 10% cost share: requirement in the amount of $6,965.00 SLCGP Grant funding may not commence until this Agreement is effective. The Subrecipient agrees that all purchases and expenditures authorized under this program must be completed by the effective end date. Extensions are at the discretion of GEMA/HS and will only be granted for cause when requested in EM Grants Manager before the end date of this Agreement. Extensions should be requested 30 days before the end of this agreement, but no longer than DHS/FEMA HAS RESERVED THE RIGHT TO CHANGE THE FY22 SLCGP GRANT; INCLUDING SHORTENING THE PERFORMANCE PERIOD AND/OR GRANT END DATE. ANY CHANGE IN THE GRANT AND/OR PERFORMANCE PERIOD OF THE FY22 SLCGP AWARD WILL BE PASSED THROUGHTOTHE SUBRECIPIENT BY GEMA/HS. September 30, 2025 or when all funds have been used. amount of $69,650.00 to Rockdale (county) 30 days after the end date. II. STANDARD OF PERFORMANCE. The Subrecipient agrees to use allocated funds only as approved; to comply with the terms, conditions, and guidelines, as stated within this agreement; and to request reimbursement only for expenditures made in accordance with the SLCGP Investment Justification Worksheet and the approved Budget Detail Worksheet(s). Any modifications to the approved Budget Detail Worksheet(s) must be requested in writing by the Subrecipient and must be approved by Subrecipient shall perform all activities as approved by GEMA/HS. Any change to a project shall receiveprior written approval by GEMA/HS and, ifrequired, by FEMA or other awarding agency. Subrecipient shall perform all activities in accordance with all terms, provisions and requirements set forth in this Agreement, including but not limited to the following Exhibits and the Program Manager prior to the execution oft that modification. Attachments: A. Exhbitis: 1. SLCGP Goals and Objectives State and Local Cybersecurity Grant] Program Subrecipient Agreement FY22 Page 3 of43 B. Attachments: 1. Attachment A: Standard Assurances: (Attachment A1) Standard Form 424B Non-Construction) or (Attachment A2) Standard Form 424D (Construction), as applicable (COMPLETE, SIGN, AND RETURN WITH AGREEMENT) 2. Attachment B: FY 2022 State and Local Cybersecurity Grant Program 3. Attachment C: FY 2022 State and Local Cybersecurity Grant Program Agreement Articles; Amendment Letter; 4. Attachment D: Federal Terms and Conditions; Attachment E: Certifications Regarding 5. Lobbying; Debarment, Suspension And Other Responsibility Matters; And Drug-Free Workplace (COMPLETE, SIGN, AND RETURN WITH AGREEMENT) Attachment F: DHS Fiscal Year 2022 State and Local Cybersecurity Grant Program Notice of Funding Opportunity, (available online at Requirements; 6. ittps/www.fema.gov/prin/pdr'nde/641059); 7. Attachment G: SLCGP Investment Justification Worksheet; and Attachment H: Approved Budget Detail Worksheet(s). 8. III. FUNDING OBLIGATIONS. GEMA/HS shall not be liable to Subrecipient for any costs incurred by Subrecipient that are not allowable costs. A. Notwithstanding any other provision of this Agreement, the total of all payments and othero obligations incurred by GEMA/HS under this Agreement shall not exceed the total cumulative award amounts listed on the Subawards (projects and B. Subrecipient shall meet a 10% cost share requirement for the FY 2022 SLCGP as C. The Subrecipient agrees that all allocations and use of funds under this grant will be in accordancewith the FY 2022 SLCGP DHS/FEMA NOFO (Attachment H), subsequent versions). listed in the FY 2022 SLCGP DHS/FEMA NOFO. State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 4 of43 and to comply with alll DHS/FEMA requirements and cooperate with GEMA/HS to comply with federal and state requirements relatedto the grant funding. D. The Subrecipient understands and agrees that any allocations and use of grant funding must support and may only be used to fund the investments identified: in the Fiscal Year 2022 SLCGP grant application submitted by GEMA/HS to DHS/FEMA and to use grant funding only forj projects pre- approved by GEMA/HS. E. Federal funds under this grant program are provided through reimbursement ofa all eligible expenditures. The Subrecipient shall follow procurement standards as F. The Subrecipient understands and agrees that it cannot use any federal funds, either directly or indirectly, in support oft the enactment, repeal, modification, or adoption of any law, regulation, or policy, at any level of government, without the G. No elected or appointed official or employee of the Subrecipient shall be admitted to any share or part ofa any benefit, directly or indirectly, from this agreement or grant award. This provision shallnot be construed to extend to any contract made H. Non-Supplanting Requirement. The Subrecipient agrees that federal grant funds received under this award will: not replace (supplant) funds that havel been budgeted for the same purpose through non-federal sources. Applicants or Recipients may be required to demonstrate ifai reduction ini non- federal resources occurred for reasons other than the receipt or expected receipt offederal funds. The Subrecipient will be expected to demonstrate how these funds willl be used to supplement, but not supplant, state or local funds for the same purposes. Prior Approval for Modification of Approved Budget. Before making any change to thel FEMA approved budget fori this award, you must request prior written approval from FEMA where required by 2 C.F.R. section 200.308. stated in federal and state laws and regulations. express prior written approval of GEMA/HS and DHS. with a corporation for its general benefit. 1. For purposes of non-construction projects, FEMA is utilizing its discretion to impose an additional restriction under 2 C.F.R. section 200.308(f) regarding the transfer of funds among direct cost categories, programs, functions, or activities. Therefore, for awards with an approved budget where the federal share is greater than the simplified acquisition threshold (currently $250,000), you may not transfer funds among direct cost categories, programs, functions, or activities without prior written approval from FEMA where the cumulative amount of such transfers exceeds or is expected to exceed ten percent (10%) of the total budget FEMA last approved. State and) Local Cybersecurity Grant] Program Subrecipient Agreement FY22 Page 50 of43 2. Forp purposes ofawards that support both construction and non-construction work, FEMA is utilizing its discretion under 2 C.F.R. section 200.308(h)(5) to require the recipient to obtain prior written approval from FEMA before making any fund or budget transfers between the two types ofwork. 3. Subrecipient must report any deviations from FEMA-approved budget in the first Federal Financial Report (SF-425) you submit following any budget deviation, regardless of whether the budget deviation requires prior written approval. J. After all approved items on the approved Budget Detail Worksheet()have been reimbursed to the Subrecipient; this Subrecipient Agreement shall be terminated. K. The terms of the approved Investment Justification(s) and Budget Detail Worksheet(s) submitted by the recipient are incorporated into the terms of this Federal award, subject to the additional description and limitations stated in this Agreement Article and the limitations stated in subsequent reviews by FEMA and the Cybersecurity and Infrastructure Security Agency ("CISA") of the award budget. Post-award documents uploaded into Non-Disaster Grants Management System ("ND Grants") for this award are also incorporated into the terms and conditions of this award, subject to any limitations stated in subsequent approvals by FEMA and CISA of changes to the award. Investments not listed in this Agreement Article are not approved for funding under this award. Any remaining funds shall be forfeited by the Subrecipient. IV. UNIFORM ADMINISTRATIVE REQUIREMENTS. A. Except as specifically modified by law or this Grant, Subrecipient shall administer this Agreement through compliance with the most recent version of all applicable federal and state laws and regulations, including but not limited to DHS program legislation, Federal awarding agency regulations, and the terms and conditions of this Grant. A non-exclusive list is provided below [not all may apply in every project): 1. Public Law 93-288, as amended (Stafford Act); 2. 44 C.F.R., Emergency Management and Assistance; 3. 4. 5. 6. Disaster Mitigation Act of 2000; OMB Regulations 2 C.F.R., Grant and Agreements; Executive Order 11988, Floodplain Management Executive Order 11990, Protection ofWetlands State and) Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 6 of43 7. Executive Order 12372, Intergovermmental Review of Programs and Activities 8. Executive Order 12549, Debarment and Suspension 9. Executive Order 12612, Federalism 10. Executive Order 12699, Seismic Design 11. Executive Order 12898, Environmental. Justice 12. Coastal Barrier Resources Act, Public Law 97-348 13. Single Audit Act, Public Law 98-502 14. Sandy Recovery Improvement Act publications 15. Disaster Recovery Reform Act of 201816 U.S.C. $ 470, National Historic Preservation Act 16. 16U.S.C. $ 1531, Endangered Species Act References 17. FEMA program publications, guidance, and policies 18. 2CFRI Part 200, Subpart E, Cost Principles for Non-Profit Organizations 19. 2 CFR Part 200, Uniform Administrative Requirements for Grants and Agreements with Institutions of Higher Education, Hospitals, and Other Non-Profit Organizations B. Unique Entity Identifier ("UEI"). Effective April 4, 2022, the Federal Government transitioned from using the Data Universal Numbering System or DUNS number, to a new, non-proprietary identifier known as a Unique Entity Identifier or UEI. For entities that had an active registration in the System for Award Management (SAM) prior to this date, the UEI has automatically been assigned and no action is necessary. For all entities filing a new registration in SAM.gov on or after April 4, 2022, the UEI will be assigned to that entity as part oft the SAM.gov registration process. UEI registration: information is available on aqquistionserviceloficeokyptems-magsemenuimegnislawedawarl-environment ac/ae-systems-Ins-nformation-ki/unique-entilyidentilier-update. C. Accounting System. The Subrecipient agrees to maintain an accounting system integrated with adequate internal fiscal and management controls to capture and GSA.gov at PSPXEARVARSIENAbalsormiatoyfaie: State and) Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 7of43 report grant data with accuracy, providing full accountability for revenues, expenditures, assets, and liabilities. This system shall provide reasonable assurance that the Subrecipient is managing federal and state financial assistance programs in compliance with all applicable laws and regulations. D. The Subrecipient Agency shall utilize the U.S. Department ofHomeland Security's E-Verify System to verify the employment eligibility ofa all persons hired during the. Agreement term. V. PORCHASING. A. Purchasing. Subrecipient must follow federal, state, and local procurement guidance and regulations as standards for purchasing or acquiring equipment and services. All spending or purchases must be made in accordance with the agreed spending plan as outlined in the Budget Cost Lines (Attachment G) and all equipment purchases must be in accordance with the Department of Homeland Security Authorized Equipment List (DHS/AEL) located on the internet at: ntps/www.ema.gograntsgudanceip0SAlthonzad-equipment-lIs. B. Payment Request Forms. Payments to the Subrecipients will be made only upon presentation oft the approved Payment Request. Reimbursements from invoices and applicable proofo ofp payment (or other justifying documentation) will only be made for eligible equipment, materials, expenses, and costs upon approval ofthel Program Manager. Omission of pertinent documentation will constitutej justification for non- C. Allowable Costs. Funds must be spent in compliance with applicable rules and regulations noted int thel FY 2022 SLCGP DHS/FEMA NOFO. All costs charged to awards covered by this FY 2022 SLCGP DHS/FEMA NOFO must comply with the Uniform Administrative Requirements, Cost Principles, and Audit Requirements at 2 C.F.R. Part 200, unless otherwise indicated in the FY 2022 SLCGP DHS/FEMA NOFO or the terms and conditions of the award. This includes, among other requirements, that costs must be incurred, and products and services must be delivered, within the period of performance of the award. See 2 C.F.R. $ 200.403(h) (referring to budget periods, which forl DHS awards under this payment of any amounts submitted on the Payment Request. program is the same as the period of performance). 1. General Allowable Costs. Subrecipients can use SLCGP grant funds for: 1. Developing the Cybersecurity Plan; ii. Implementing or revising the Cybersecurity Plan; State and Local Cybersecurity Grant! Program Subrecipient. Agreement FY22 Page 8 of43 iii. Paying expenses directly relating to the administration oft the grant, which cannot exceed 5% oft the amount oft the grant award; iv. Assisting with allowed activities that address imminent cybersecurity V. Other appropriate activities as noted in thel FY 2022 SLCGP threats confirmed by DHS; and DHS/FEMA NOFO. 2. Planning. SLCGP funds may be used for a range of planning activities, such as those associated with the development, review, and revision oft the holistic, entity-wide cybersecurity plan and other planning activities that support the program goals and objectives and Cybersecurity Planning 3. Organization. Organization costs are allowable under this program. States mustj justify proposed expenditures ofSLCGP funds to support organization activities within their IJ submission. Organizational activities include: Committee requirements. Organizational activities include: a) Program management; b) Development ofwhole community partnerships that support c) Structures and mechanisms for information sharing between the Cybersecurity Planning Committee; the public and private sector; and d) Operational support. 1i. Personnel hiring, overtime, and backfill expenses are permitted under this grant to perform allowable SLCGP planning, organization, training, exercise, and equipment activities. Personnel expenses may include, but are: not limited to training and exercise coordinators, program managers and planners, and cybersecurity navigators. The grant recipient must demonstrate that the personnel will be sustainable. 4. Equipment. Funding may be used to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state and local governments. Subrecipients may spend their portion of the funds on ransomware protections, data backups, basic cybersecurity protections, risk management trameworks. Subrecipient should limit purchases to the equipment referenced in the FY2022SLCGP DHS/FEMA NOFO and the Authorized Equipment List ("AEL"). State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 9 of43 Software and software licenses are authorized expenditures under SLCGP. Software can be included in the "equipment" cost category of the project budget under the appropriate AEL number. Software licenses would generally be covered under the same. AEL as the ii. There are currently 21 different sections oft the AEL, including information technology (section 4) and cybersecurity equipment (section 5). Each. AEL section includes numerous categories and subcategories. SLCGP applicants should search all AEL sections, categories, and subcategories on thel FEMA AEL website to find the appropriate AEL. For example, the AEL: for SAAS (software as a service) is 04AP-11-SAAS-A Applications, Software as a Service. iii. Personnel must be properly trained to use the equipment purchased under this grant program in accordançe with all applicable federal, state, and local laws including, but not limited to regulations established by the Environmental Protection Agency ("EPA"), the Occupational Safety and Health Administration ("OSHA"), and the National Fire Protection Association ("NFPA"). By signing and submitting grant acceptance documents, the authorized official certifies employees have reçeived or will receive required training prior to utilizing equipment purchased with FEMA funding. iv. Subrecipient is responsible for replacing or repairing equipment that is lost, stolen, damaged, or destroyed as ai result of Subrecipient's willful ori negligent action. Property losses should be reported to GEMA/HS Additionally, recipients that are using SLCGP funds to support emergency communications equipment activities must comply with the SAFECOM Guidance on Emergency Communications Grants, including provisions on technical standards that ensure and enhance interoperable communications. You can access the Fiscal Year 2023 SAFECOM Guidance on Emergency software. immediately. 5. Communications Grants at the following link: ntips/www.Cisa.ovisites/delaul/les/2023- 04/fy23_ safecom guidance.pdf 6. Maintenance and Sustainment. Funding may be used for maintenance contracts, warranties, repair or replacement costs, upgrades, and user fees as described in DHS/FEMA Policy FP 205-402-125-1, available at tip/www.ema.goymeci-lborry/assels/documents/32474, 7. Training. Subrecipients may use SLCGP funds to attend training courses, exercises, and programs in the United States. State andl Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 100 of43 i. Allowable training-related costs under SLCGP include the establishment, support, conduct, and attendance oftraining and/or in conjunction with training by other federal agencies. Training conducted using SLCGP funds should align with the eligible entity's Cybersecurity Plan, address aj performance gap identified through assessments, and contribute to building a capability that will be ii. Any training or training gaps, including training related to underserved communities that may be more impacted by disasters, including children, seniors, individuals with disabilities or access and functional needs, individuals with diverse culture and language use, individuals with lower economic capacity, and other underserved populations, should bei identified in an assessment and addressed in the eligible evaluated through a formal exercise. entity's training cycle. iii. Subrecipients are encouraged to utilize. FEMA's! National Preparedness Course Catalog. Training includes programs or courses developed for and delivered by institutions and organizations funded by FEMA. This consists oft the Center for Domestic Preparedness (CDP), the Emergency Management Institute (EMI), and FEMA's Training Partner Programs, including the Continuing Training Grants (CTG), the National Domestic Preparedness Consortium (NDPC), the Rural Domestic Preparedness Consortium (RDPC), and other partners. The catalog features a wide range of course topics ini multiple delivery modes to meet FEMA's: mission scope and thei increasing training needs of federal, state, local, territorial, and tribal audiences. The catalog can be accessed at tp/www.irstresponderraininggov. iv. Proposed attendance at training courses and all associated costs leveraging the FY 2022 SLCGP must bei included in the Subrecipient's Investment Justification. Proposed attendance at training and all associated costs using SLCGP must bei included in the Subrecipient's Investment Justification. V. Some training activities require Environmental and Historic Preservation Review, including exercises, drills, or trainings that require any type ofl land, water, or vegetation disturbance or building oft temporary structures or that are: not located at facilities designed to conduct training and exercises. Additional information on training requirements and EHP review can be found online at ittps/www.ema.goy/media-lbratyassetsydocuments/90195. 8. Exercises. State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 11of43 Exercise costs are allowable under this program. Exercises conducted with grant funding should be managed and run consistent with the Homeland Security Exercise and Evaluation Program (HSEEP). HSEEP guidance for exercise design, development, conduct, evaluation, and improvement planning is at Atips/www.emagov/emergency- managers/nationalpreparedness/exercises/hseep. ii. Any exercise conducted with SLCGP grant funds must comply with the Nation Incident Management System NIMSrquirements, attps/www.lemagovsitcsefautvnley2020-04/iomeland-Secunty- Exerise-amd-Flyaluationfogmm.Dactrime2020-Revision22 25.pdf. Exercise documentation, including but not limited to objectives, after-action reports, and participants, must be coordinated These requirements can bei found at with and submitted to the GEMA/HS. Management and Administration ("M&A"). 9. Subrecipients that receive an award under this program may use and expend up to five percent (5%) oft their FY 2022 SLCGP funds for ii. M&A costs are for activities directly related to the management and administration of the award, such as financial management and monitoring, submitting required programmatic and financial reports, establishing, and maintaining equipment inventory. M&A purposes. 10. Indirect (Facilities & Administrative (F&A)) Costs. Indirect costs are allowable under this program as described in 2 C.F.R. $ 200.414. With the exception of subrecipients who have never received a negotiated indirect cost rate as described in 2C.F.R. $ 200.414(f). Subrecipients must have an approved indirect cost rate agreement with their cognizant federal agency 11. Construction and Renovation. Any Subrecipient project that involves construction and renovation cost must contact GEMA/HS prior to submission. All Subrecipients must request and receive approval from DHS/FEMA before any funds are used for construction or renovation. 12. The Subrecipient understands and agrees that compensation for individual consultant services is tolereasonable and consistent and should represent fair market value for services. Time and effort reports for consultant toc charge indirect costs to this award. State and Local Cybersecurity Grant Program Subrecipient. Agreement FY22 Page 12 of43 services are required, and competitive bidding is ençouraged, as explained in2C.F.R. $200.317-326. D. Unallowable Costs. The following projects and costs are considered ineligible for award consideration: 1. 2. Initiatives that duplicate capabilities being provided by the Federal Government; Reimbursement of pre-award security expenses; 3. To supplant state or local funds; however, this shall not be construed to prohibit the use of funds from a grant under this FY 2022 SLCGP DHS/FEMA NOFO for otherwise permissible uses on the basis that the Subrecipient has previously used SLT funds to support the same or similar uses; 4. For: any recipient cost-sharing contribution; 5. Payment ofar ransom from cyberattacks; 6. Forr recreational or social purposes, or for any purpose that does not address cybersecurity risks or cybersecurity threats on SLTinformation systems; 7. Lobbyingori intervention in federal regulatory or adjudicatory proceedings; 8. Suing the federal government or any other government entity; 9. Paying for cybersecurity insurance; 10. Acquiring land or to construct, remodel, or perform alternations ofbuildings 11. For any purpose that does not address cybersecurity risks or cybersecurity threats on information systems owned or operated by, or on behalfof, the eligible entity that receives the grant or a local government within the or other physical facilities; or jurisdiction of the eligible entity. VI. GENERAL PROHIBITIONS A. UseofFunds. DHS/FEMA Grant funds may only bet used for the purposes set forth int this Grant and: shall be consistent with the statutory authority forthis Grant. Grant funds may not be used for matching funds for other Federal grants/cooperative agreements, lobbying, or intervention in Federal regulatory or adjudicatory proceedings. In addition, Federal funds may not be used to sue the Federal government or any other government entity. State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 13of43 B. Federal Employee Prohibition. Federal employees are prohibited directly C. The employment of unauthorized aliens by the Subrecipient is considered a violation of Section 274A(e) of the Immigration and Nationality Act. If the Subrecipient knowingly employs unauthorized: aliens, such violation shall cause the unilateral cancellation of the Agreement. Any services performed by any such benefiting from any funds under this Agreement. unauthorized aliens shall not be paid. VII. MODIFICATIONS The Subrecipient understands and agrees that, in addition to the provisions in the Termination" section below, GEMA/HS shalll have the right tor make unilateral changes, cancel, or terminate this agreement int the event that FEMA and/or DHS makes changes to the FY22 SLCGP grant awarded to GEMA/HS. With the exception oftermination or changes includedi int this agreement, there shall ber no other changes tot this Agreement unless mutuallya agreed upon! by all parties tot the Agreement. VII. SUSPENSION Int the event Subrecipient fails to comply with any term ofthis Grant, GEMA/HS may, upon written notification to Subrecipient, suspend this Agreement, in whole or inj part, withhold payments to Subrecipient and prohibit Subrecipient from incurring additional obligations oft this Grant's funds. IX. TERMINATION A. Cause/Default: This agreement may be terminated for cause, in whole or inj part, at any time by the State of Georgia for the failure of the Subrecipient to perform any ofthe provisions or to comply with any oft the terms and conditions herein. If the State exercises its right to terminate this agreement under the provisions of this paragraph, the termination shall be accomplished in writing and specify the reason and termination date. The Subrecipient will be required to submit the final invoice no later than 30 days after the effective date of written notice oft termination. Upon termination of this agreement, the State shall not incur any new obligations after the effective date of the termination and shall cancel outstanding obligations, as possible. The above remedies are: in addition to any other remedies provided by law B. Notwithstanding and without waiving any other remedies available for the Subrecipient's failure to comply with the terms and conditions ofthis agreement, if the Subrecipient fails to meet its obligations, voluntarily or otherwise, as part ofa GEMA/HS program, GEMA/HS will have the right, privilege, and option to immediately terminate this Agreement. Failure to exercise the righto oftermination for previous occurrences or omissions will not act as a waiver for future noncompliance by the Subrecipient. Should GEMA/HS exercise the right, or the terms ofthis agreement. State andl Local Cybersecurity Grant Program Subrecipient. Agreement FY22 Page 14 of43 privilege, and option to terminate this Agreement, the Subrecipient shall immediately transfer ownership ofany SLCGP grant-funded equipment purchased under this agreement to GEMA/HS or whomever GEMA/HS shall designate, C. GEMA/HS may terminate this Agreement for cause after thirty (30) days written notice. Cause can include misuse of funds, fraud, lack of compliance with applicable rules, laws, and regulations, failure to perform on time, and refusal by the Subrecipient to permit public access to any document, paper, letter, or other material subject to disclosure under O.C.G.A. Section 50-18-70 et seq. D. GEMA/HS may terminate this Agreement for convenience or when it determines, ini its sole discretion, that continuing the. Agreement would not produce beneficial results in line with the further expenditure of funds, by providing the Subrecipient E. Non-Availability of Funding: Notwithstanding any other provision of this agreement, in the event that either of the sources of funding for reimbursement under this agreement (appropriations from the General Assembly of the State of Georgia or the Congress of the United States of America) no longer exist, in the event, the sum of all obligations of GEMA/HS incurred under this and all other agreements entered into for this program exceeds the balance ofsuch funding, then this agreement shall immediately terminate without further obligation of GEMA/HS. The certification by the Director of GEMA/HS of the occurrence of F. In the event this Agreement is terminated, the Subrecipient will not incur new obligations for the terminated portion of the Agreement after the Subrecipient has G. The Subrecipient will cancel as many outstanding obligations as possible. Costs incurred after receipt oft the termination notice will be disallowed. The Subrecipient shall not be relieved ofliability to GEMA/HS because ofany breach of Agreement by the Subrecipient. GEMA/HS may, to the extent authorized by law, withhold payments to the Subrecipient for the purpose of set-off until the exact amount of H. Subrecipient's Responsibilities Upon Termination. If GEMA/HS provides a notice of termination to the Subrecipient, except as otherwise specified by 1. Stop work under this Agreement on the date and to the extent specified in without cost, as directed by GEMA/HS. with thirty (30) calendar days prior written notice. either oft the events stated above shall be conclusive. received the notification oft termination. damages due GEMA/HS from the Subrecipient is determined. GEMA/HS in that notice, the Subrecipient shall: the notice. State and Local Cybersecurity Grant Program Subrecipient Agreement. FY22 Page 15 of43 2. Completep performance ofsuch part oft the work that has not been terminated 3. Take such action as may be necessary, or as GEMA/HS may specify, to protect and preserve any property which is in thej possession and custody of the Subrecipient, and in which GEMA/HS has or may acquire an interest. 4. Transfer, assign, and make available to GEMA/HS all property and materiais belonging to GEMA/HS upon the effective date of termination of this Agreement. No extra compensation will be paid to the Subrecipient for its services in connection with such transfer or assignment. Withholding and Repayment of Funds. In addition to any other remedies provided by law or the terms oft this Agreement, ift the Subrecipient fails to comply with any of the terms or conditions of this Agreement, including all attachments hereto, or with any applicable federal or state law or regulation, GEMA/HS may withholdo or require repayment ofgrant funds inc connection with which the violation occurred. In addition, GEMA/HS may withhold or require repayment of all or any portion of the financial award which has been or is to be made available to the Subrecipient. Specifically, without limitation, GEMA/HS will be entitled to payment from the Subrecipient for any funds paid by the State or that the State is responsible to pay on behalfoft the Subrecipient for which GEMA/HS is unable to receive payment or required to repay due to the Subrecipient's failure to cooperate inj providing the required documentation showing receipt oft the goods or services, completing and returning the Acknowledgment Form to GEMA/HS in the time required, purchasing of equipment in the time required, submitting a request for reimbursement with complete supporting documents, or any other activity that GEMA/HS deems a failure by the Subrecipient under this Agreement. by GEMA/HS,ifany. I. X. CLOSING OF THIS GRANT. A. GEMA/HS will close each subaward after receiving all required final documentation from the Subrecipient. If the close out review and reconciliation indicates that Subrecipient is owed additional funds, GEMA/HS will send the final payment automatically to Subrecipient. If Subrecipient did not use all the funds B. At the completion and closure of all Subrecipient's projects (subawards), GEMA/HS will request the Subrecipient to Certify the completion of all projects (subawards) in accordance with the grant terms and conditions to state there areno received, GEMA/HS will recover the unused funds. further claims under this subgrant. C. The closeout oft this Grant does not affect: State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 16 of43 1. DHS/FEMA or GEMA/HS' right to disallow costs and recover funds on the basis ofa a later audit or other review; corrections, or other transactions; 2. Subrecipient's obligation to return any funds due as ai result of later refunds, 3. Records retention requirements, property management requirements, and 4. Any other provisions oft this Agreement that impose continuing obligations on Subrecipient or that govern the rights and limitations ofthej parties to this Agreement after the expiration or termination oft this Agreement. audit requirements, as set forth herein; and XI. INDEMNIFICATION. A. The Subrecipient shall be fully liable for the actions of its agents, employees, partners, subrecipients, or contractors and shall fully indemnify, defend, and hold harmless the State and GEMA/HS, and their officers, agents, and employees, from suits, actions, damages, and costs of every name and description, arising from or relating to personal injury and damage to real or personal tangible property alleged tol be caused in whole ori in part by the Subrecipient, its agents, employees, partners, subrecipients, or contractors provided, however, that the Subrecipient shall not indemnify for that portion of any loss or damages proximately caused by the B. The Subrecipient shall fully indemnify, defend, and hold harmless the State and GEMA/HS from any suits, actions, damages, and costs of every name and description, including attorneys' fees, arising from or relating to violation or infringement ofa at trademark, copyright, patent, trade secret, ori intellectual property right provided, however, that the foregoing obligation shall not apply to GEMA/HS' misuse or modification of the Subrecipient's products or GEMA/HS' operation or use of the Subrecipient's products in a manner not contemplated by negligent act or omission oft the State or GEMA/HS. the Agreement. GEMA/HS will not be liable for any royalties. XII. DISPUTE RESOLUTION. A. Disputes concerning performance under the Agreement will be decided by GEMA/HS, who shall reduce the decision to writing and serve a copy to the Subrecipient. Int the event a Party is dissatisfiedwitht the dispute resolution decision, jurisdiction for any dispute arising under the terms of the Agreement will be in Superior Courto ofFulton County, Georgia. Subrecipient hereby waive any defenses or objections thereto, including defenses based on the doctrine of forum non conveniens. State and] Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 17 of43 B. Except as otherwise provided by law, the Parties agree to be responsible for their own attorney fees incurred in connection with disputes arising under the terms of this Agreement. XIII. COMPLIANCE WITHI LAW A. Compliance With Applicable Laws And Regulations. It is understood and agreed that nothing contained in this Agreement, or any related agreement shall require any ofthe Parties herein to violate any policies OfGEMA/HS, DHS, or any laws or regulations oft the United States or the State of Georgia. B. State Laws. The validity, construction, and effect of this Agreement shall be C. Jurisdiction And Venue. In the event that any dispute, litigation, or other legal proceedings shall arise under or in connection with this Agreement, such litigation or other legal proceeding shall be conducted in the courts located within Fulton County, Georgia. Furthermore, the Parties consent to jurisdiction and venue in the Superior Court of Fulton County, Georgia, and hereby waive any defenses or objections thereto, including defenses based on the doctrine of forum non D. Effect of Changes in Federal and State Laws. Any alterations, additions, or deletions to this Agreement that are required by changes in federal and state laws, regulations or policy are automatically incorporated into this Agreement without written amendment to this Agreement and shall become effective upon the date designated by such law or regulation. In the event DHS/FEMA or GEMA/HS determines that changes are necessary to this Agreement after an award has been made, including changes to the period of performance or terms and conditions, Subrecipient shall be notified ofthe changes in writing. Once notification has been made, any subsequent request for funds will indicate Subrecipient's acceptance of E. Conflict of Interest. This Agreement is subject to the State of Georgia Code of Ethics found in O.C.G.A. $ 45-10-1. The Subrecipient shall disclose the name of any officer, director, employee, or other agent whoi is also an employee oft the State. The Subrecipient shall also disclose the name of any state employee who owns, directly or indirectly, more than a five percent (5%) interest in the Subrecipient or governed by the laws oft the State of Georgia. conveniens. the changes to this Agreement. its affiliates. 1. Subrecipients should take every precaution to avoid the appearance of a conflict of interest. Violations of the conflict-of-interest. standards may result in criminal, civil, or administrative penalties. In the use of agency project funds, officials, or employees of State or local units of government shall avoid any action that might result in, or create the appearance of: State and) Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 18 of43 a) Using his or her official position for private gain; b) Giving preferential treatment to any person; c) Losing complete independence or impartiality; d) Making an official decision outside official channels; or e) Affecting adversely the confidence of the public in the integrity of the government or the program. For example, where a Subrecipient of federal funds makes sub-awards under any competitive process and an actual conflict or an appearance ofac conflict ofinterest exists, thej person for whom the actual or apparent conflict ofinterest exists should recuse himself or herself not only from reviewing the application: for which the conflict exists, but also from the evaluation ofall competing applications. F. Boycott OfThe Nation Of Israel Prohibited. Each Party certifies that it is not currently engaged in al boycott of the nation of Israel, and that it will not engage: in such a boycott for the duration of this Agreement. G. Drug-Free Workplace. The Parties hereby certify as follows: 1. The Parties will not engage in the unlawful manufacture, sale, distribution, dispensation, possession, or use of a controlied substance or marijuana Ifthel Parties have more than one employee, that Party shall provide fors such employee(s) a drug-free workplace, in açcordance with the Georgia Drug- free Workplace Act as provided in O.C.G.A. $ 50-24-1 et seq., throughout 3. Parties will secure from any sub-contractor hired to work on any job assigned under this Agreement the following written certitication: "As part of the subcontracting contract with (the Party's name). (Sub-Contractor's Name) certifies to (the Party's name) that a drug-free workplace will be provided fort the: sub-Contractor's employees during thej performance ofthis MOU pursuant to paragraph 7 ofs subsection (b) ofO.C.G.A. $5 50-24-3." 4. Al Party may be suspended, terminated, or debarred ifiti is determined that: a) A Party has made false certification here in above; or during the performance of this Agreement; and 2. the duration oft this Agreement; and State and Local Cybersecurity Grant Program Subrecipient. Agreement FY22 Page 19of43 b) A Party has violated such certification by failure to carry out the requirements ofO.C.G.A. $ 50-24-3(b). H. Sexual Harassment Prevention. The State of Georgia promotes respect and dignity and does not tolerate sexual harassment in the workplace. The State is committed toj providing a workplace and environment free from sexual harassment fori its employees and for all persons who interact with state government. All State of Georgia employees are expected and required to interact with all persons including other employees, contractors, and customers in a professional manner that contributes to a respectful work environment free from sexual harassment. Furthermore, the State of Georgia maintains an expectation that its contractors and their employees and subcontractors will interact with entities of the State of Georgia, their customers, and other contractors of the State in a professional manner that contributes to a Pursuant to the State ofGeorgia's Statewide Sexual Harassment Prevention Policy (the "Policy"), all contractors who are: regularly on State premises or who regularly interact with State personnel must complete sexual harassment prevention training If any of the Parties, including its employees and subcontractors, violates the Policy, including but not limited to engaging in sexual harassment and/or retaliation, that Party may be subject to appropriate corrective action. Such action may include, but is not limited to, notification to the employer, removal from State premises, restricted access to State premises and/or personnel, termination of contract, and/or other corrective action(s) deemed necessary by the State. 1. Ifthe Party is an individual who is regularly on State premises or who will regularly interact with State personnel, that Party certifies that: a) the Party has received, reviewed, and agreed to comply with the State of Georgia's Statewide Sexual Harassment Prevention Policy administration/board-mles-policy-and-complanceiointly-issued- latewide-poiciesseNepreyention-policy; b) thel Party has completed sexual harassment prevention trainingi int the last year and will continue to do sO on an annual basis; or will complete the Georgia Department of Administrative Services' sexual harassment prevention training located at this direct link htps/www.youtube.comvembeNyV:ODDnes/tel-0 prior to accessing State premises and prior to interacting with State employees; and on an annual basis thereafter; and State and) Local Cybersecurity Grant Program Subrecipient Agreement. FY22 Page 20 of43 respectful work environment free from sexual harassment. on an annual basis. located at htp:/doasgagovhnuan-resources- c) Upon request by the State, the Party will provide documentation substantiating the completion of sexual harassment training. 2. Ift the Party has employees and subcontractors that are regularly on State premises or who will regularly interact with State personnel, that Party a) the Party will ensure that such employees and subcontractors have received, reviewed, and agreed to comply with the State of Georgia's Statewide Sexual Harassment Prevention Policy located at htp./doasgagovhumapsoueradministnationboard-ules- policy-and-comp.ince/omntly-ssucd-statcwide-policies/sexual- certifies that: harassment-prevention-policy; b) the Party has provided sexual harassment prevention training in the last year to such employees and subcontractors and will continue to do sO on an annual basis; or Contractor will ensure that such employees and subcontractors complete the Georgia Department of Administrative Services' sexual harassment prevention training itps/www.youtube.comembeuNVIODDne/s/rel-0 prior to accessing State premises and prior to interacting with State employees; and on an annual basis thereafter; and Upon request of the State, the Party will provide documentation substantiating such employees and subcontractors' acknowledgment of the State of Georgia's Statewide Sexual Harassment Prevention Policy and annual completion of sexual located at this direct link c) harassment prevention training. I. Debarred, Suspended, and Ineligible Status. The Parties certify that eachl Party and/or any of its subcontractors have not been debarred, suspended, or declared ineligible by any agency of the State of Georgia or as defined in the Federal Acquisition Regulation (FAR) 48 C.F.R. Ch. 1 Subpart 9.4. Each Party will immediately notify the other Party if the Subrecipient and/or any subcontractors are debarred by the State or placed on the Consolidated List of Debarred, Suspended, and Ineligible Contractors by a federal entity. XIV. NOTICE A. All notices provided by Subrecipient under or pursuant to this Agreement shall be in writing GEMA/HS' Grant Manager and delivered by standard or electronic mail using the correct information provided below. State and Local Cybersecurity Grant Program Subrecipient Agreement. FY22 Page 21 of43 Ifto Georgia Emergency Management and Homeland Security Agency: Sheneka' Turner Preparedness Grants & Programs Manager 935 United Avenue Southeast Atlanta, Georgia 30316 Sheneka-Tumer@gema.ga.goy Office: 404-635-7068 Cell: 470-332-6784 B. Int the event that different representatives or addresses are designated by either Party after execution ofthis Agreement, notice oft the name, title and address oft the new representative will bej provided to the other Party. XV. PROCUREMENT AND CONTRACTING. A. The Subrecipient shall ensure that any procurement involving funds authorized by the Agreement complies with all applicable federal and state laws and regulations, toi include 2 C.F.R. $$200.318 through 200.327 as well as Appendix II to2C.F.R. Part 200 (entitled "Contract Provisions for Non-Federal Entity Contracts Under B. As required by 2 C.F.R. $200.318(1), the Subrecipient shall "maintain records sufficient to detail the history of procurement. These records will include but are not necessarily limited to the following: rationale for the method of procurement, selection of contract type, contractor selection or rejection, and the basis for the C. As required by 2C.F.R. $200.318(b), the Subrecipient shall "maintain oversight to ensure that contractors perform in accordance with the terms, conditions, and specifications of their contracts or purchase orders." In order to demonstrate compliance with this requirement, the Subrecipient shall document, ini its quarterly report to GEMA/HS, the progress of any and all subcontractors performing work D. Except for procurements by micro-purchases pursuant to 2C.F.R. 9200.320(a)(1) or procurements bys smallj purchase procedures pursuant to 2C.F.R. $200.320(a)(2), if the Subrecipient chooses to subcontract any of the work required under this Agreement, then the Subrecipient shall forward to GEMA/HS a copy of any solicitation (whether mpativeropcompativ) at least fifteen (15) days prior to the publication or communication oft the solicitation. GEMA/HS shall review the solicitation and provide comments, if any, to the Subrecipient within seven (7) business days. Consistent with 2 C.F.R. $200.325, GEMA/HS will review the solicitation for compliance with the procurement standards outlined in 2 C.F.R. $8200.318 through 200.327 as well as Appendix Ito2C.F.R. Part 200. Consistent Federal Awards"). contract price." under this Agreement. State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 22 of43 with 2 C.F.R. $200.318(k), GEMA/HS will not substitute its judgment for that of the Subrecipient. While the Subrecipient does not need the approval ofGEMA/HS in order to publish a competitive solicitation, this review may allow GEMA/HS to identify deficiencies in the vendor requirements or in the commodity or service specifications. GEMA/HS' review and comments shall not constitute an approval of the solicitation. Regardless of GEMA/HS' review, the Subrecipient remains bound by all applicable laws,1 regulations, and agreement terms. Ifduring its review GEMA/HS identifies any deficiencies, then GEMA/HS shall communicate those deficiencies to the Subrecipient as quickly as possible within the seven (7) business day window outlined above. Ifthe Subrecipient publishes a competitive solicitation after receiving comments from GEMA/HS that the solicitation is deficient, then 1. Terminate this Agreement in accordance with the provisions outlined in 2. Refuse to reimburse the Subrecipient for any costs associated with that E. Except for procurements by micro-purchases pursuant to 2 C.F.R. $200.320(a)(1) orj procurements by small purchase procedures pursuant to 2C.F.R. $200.320(a)(2), if the Subrecipient chooses to subcontract any of the work required under this Agreement, then the Subrecipient shall forward to GEMA/HS a copy of any contemplated contract prior to contract execution. GEMA/HS shall review the unexecuted contract andj provide comments, ifany, to the Subrecipient within seven (7) business days. Consistent with 2 C.F.R. $200.325, GEMA/HS will review the unexecuted contract for compliance with the procurement standards outlined in 2 C.F.R. $$200.318 through 200.327 as well as Appendix II to 2 C.F.R. Part 200. Consistent with 2 C.F.R. $200.318(k), GEMA/HS will not substitute its judgment for that of the Subrecipient. While the Subrecipient does not need the approval of GEMA/HS in order to execute a subcontract, this review may allow GEMA/HS to identify deficiencies in the terms and conditions of the subcontract as well as deficiencies in the procurement process that led to the subcontract. GEMA/HS's review and comments shall not constitute an approval of the subcontract. Regardless OfGEMA/HS' review, the Subrecipient remains bound by all applicable laws, regulations, and agreement terms. If during its review GEMA/HS identifies any deficiencies, then GEMA/HS shall communicate those deficiencies to the Subrecipient as quickly as possible within the seven (7) business day window outlined above. If the Subrecipient executes a subcontract after receiving a communication from GEMA/HS that the subcontract is non-compliant, then 1. Terminate this Agreement in accordance with the provisions outlined in GEMA/HS may: Section IX, Termination above; and, solicitation. GEMA/HS may: Section IX, Termination above; and, State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 23 of43 2. Refuse to reimburse the Subrecipient for any costs associated with that F. The Subrecipient agrees to include in the subcontract that (i) the subcontractor is bound by the terms of this Agreement, (ii) the subcontractor is bound by all applicable state and federal laws and regulations, and (it) the subcontractor shall hold GEMA/HS and Subrecipient harmless against all claims of whatever nature arising out oft the: subcontractor's; performance ofwork under this Agreement, to the G. As required by 2 C.F.R. $200.318(c)(1), the Subrecipient shall "maintain written standards of conduct covering conflicts ofi interest and governing the actions ofits employees engaged in the selection, award and administration of contracts." H. As required by 2C.F.R. $200.319, the Subrecipient shall conduct any procurement under this agreement "in a manner providing full and open competition." 1. Place unreasonable requirements on firms in order for them to qualify to do subcontract. extent allowed and required by law. Accordingly, the Subrecipient shall not: business; 2. Require unnecessary experience or excessive bonding; 3. Use noncompetitive pricing practices between firms or between affiliated companies; contracts; 4. Execute noncompetitive contracts to consultants that are on retainer 5. Authorize, condone, or ignore organizational conflicts ofi interest; 6. Specify only a brand name product without allowing vendors to offer an 7. Specify a brand name product instead of describing the performance, specifications, or other relevant requirements that pertain to the commodity equivalent; or service solicited by the procurement; 8. Engage in any arbitrary action during the procurement process; or, 9. Allow a vendor to bid on a contract if that bidder was involved with 10. drafting the specifications, requirements, statement of work, invitation to developing or bid, or request for proposals. State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 24 of43 . Except in those cases where applicable Federal statutes expressly mandate or encourage otherwise, the Subrecipient, as required by 2 C.F.R. $200.319(c), shall not useag geographic preference when procuring commodities or services under this J. The Subrecipient shall conduct any procurement involving invitations to bid (i.e. sealed bids) in accordance with 2 C.F.R. $200.320(b)() as well as O.C.G.A. $50- K. The Subrecipient shall conduct any procurement involving requests for proposals (i.e. proposals) in accordance with 2 C.F.R. $200.320(b)(2) as well as O.C.G.A. L. FEMA has developed helpful resources for Subrecipients when procuring with federal grant funds because Subrecipients must comply with the Federal procurement standards outlined in 2 C.F.R. $$200.318 through 200.327 as well as Appendix II to 2 C.F.R. Part 200. These resources are generally available at htps/www.temagowpocuememi-disstrer-assistance-cam. FEMA periodically updates this resource page so please check back for the latest information. While not all the provisions discussed in the resources are applicable to this subgrant agreement, the Subrecipient may find these resources helpful when drafting its solicitation and contract for compliance with the Federal procurement standards outlined in 2C.F.R. $$200.318 through 200.327 as well as. Appendix IIto2C.F.R. Part 200. FEMA provides the following hands-on resources for Recipients of 1. 2023 Procurement Disaster Assistance Team (PDAT) Roadmap to htps/www.femagovAiteehaulvfie/doumensylema.roadmap.procu Agreement. 5-50 et seq. $50-5-50 et seq. federal funding: Procurement Compliance available at rement compliance checklist.pdf M. Contract Provisions. All contracts executed using funds awarded under this Agreement shall contain the contract provisions listed under 20 C.F.R. 200.326 and Appendix II (A), Uniform Administrative Requirements for Grants and Cooperative. Agreements to State and Local Governments. N. Procurement activities must follow the most restrictive of Federal, State and Local procurement: regulations: 1. 2. 4. Procurement by micro purchase Procurement by small purchase 3. Procurement by sealed bid Procurement by competitive proposal State and Local Cybersecurity Grant Program Subrecipient. Agreement FY22. Page 25 of43 5. Procurement by non-competitive proposal, solely when the award of a contract is unfeasible under the other methods O. Sole Source Procurement. The Subrecipient's procurement procedures and regulations must conform to federal procurement laws and standards. All procurement transactions without regard to dollar value, whether negotiated or through a competitivel bid process shall be conducted in sucha manner as toj provide P. Should the Subrecipient elect to award a non-competitive proposal, justification must be providedand include a description oft the program and why iti is necessary to enter into ai non-competitive agreement. All sole-source: procurements as defined in2C.F.R. $ 200.320()mustr receive prior written approval from GEMA/HS. Q. Comply with rules related to underutilized businesses (small and minority businesses, women's enterprises and labor surplus firms) at 2 C.F.R. $200.321. maximum open and free competition. XVI. SUBCONTRACTING. A. In the event that the Subrecipient uses subcontractors or contractors, the Subrecipient shall use small, minority, women-owned or disadvantaged business concerns and contractors or subcontractors to the extent practicable as prescribed B. The Subrecipient understands that any public contracts and subcontracts funded by the SLCGP must comply with the requirements of O.C.G.A. $ 13-10-90, et seq., and Georgia Department ofLabor) Rules 300-10-1, et seq., to verify the contractor's or subcontractor's new employees' work eligibility through a federal work authorization program. The Subrecipient shall utilize the U.S. DHS E-Verify System to verify the employment eligibility of all persons hired during the by applicable Federal and State laws. Agreement term, XVII. MONITORING A. Subrecipient will be monitored periodically by federal, state or local entities, both programmatically and financially, to ensure that project goals, objectives, performance requirements, timelines, milestone completion, budget, and other B. GEMA/HS or its authorized representative, reserves the right to perform periodic desk/office-based and/or on-site monitoring of Subrecipient's compliance with this Agreement and of the adequacy and timeliness of Subrecipient's performance pursuant to this Agreement. After each monitoring visit, if the monitoring visit reveals deficiencies in Subrecipient's performance under this Agreement, a monitoring report will be provided to the Subrecipient and shall include requirements fort thet timely correction ofsuch deficiencies by Subrecipient. Failure program-related criteria are: met. State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 26of43 by Subrecipient to take action specified in the monitoring report may be cause for termination ofthis Agreement pursuant to the Termination Section herein. . Subrecipient is responsible for and shall monitor its performance under this Agreement. Subrecipient shall monitor the performance of its contractors, consultants, agents, and who are paid from funds provided under this Agreement or D. In addition to reviews of audits conducted in accordance with federal auditing requirements, monitoring procedures may include, but not limited to, desk reviews and on-site visits by GEMA/HS staff, limited scope audits, and other procedures. acting in furtherance ofthis Agreement. XVILREPORTS A. Consistent with 2C.F.R. $200.328, the Subrecipient shall provide GEMA/HS with quarterly reports and a close-out report. These reports shall include the current status and progress by the Subrecipient and all subcontractors in completing the work described in the Scope of Work and the expenditure of funds under this Agreement, in addition to any other information requested by GEMA/HS. B. Equipment Inventory Report. The Subrecipient will: maintain an: inventory ofall grant-funded equipment and provide a copy to GEMA/HS at the end of the grant performance period. The Subrecipient will submit an updated inventory every year thereafter or as the equipment is disposed of. Equipment must be used for the intended purpose for the life of the equipment. There must be a decal on all equipment funded by GEMA/HS which states "Purchased with funding from the Georgia Emergency Management and Homeland Security Agency with funds provided by the U.S. Department of Homeland Security". The decal will be provided GEMA/HS must be given a written disposition plan for any equipment that has a value of$5,000 or more at least 30 days prior to disposal or at the end of its useful life, whichever date is sooner, Also, the GEMA/HS Program Manager will review the disposition plan within 30 days ofr receipt and provide approval or other instructions for disposal to the Subrecipient. 1. Inventory records must be maintained which include: Award number; . Description of the property; Serial number or other identification number; . Source oft the property orandmanufacluren); iii. Vendor ofthe property; iv. Identification oftitle holder; V. Acquisition date; vi. Cost oft the property; viii. Location of the property; vii. Percentage ofFederal participation in the cost of the property; State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 270 of43 ix. Use and condition oft the property; and X. Disposition data, including the date of disposal and sale price. C. Ouarterly Progress Report (Progress Report). The disposition of grant funds, including all obligations and expenditures, must be reported to GEMA/HS quarterly through the Progress Report module in the EM Grants Manager System, which is due within 30 days ofthe end of each calendar quarter. The: following reporting periods and due dates apply: Quarter AVORAIE Mtomnbe ROMUROIKVITS Date Range Ootoberl Decenbers VUARVIEMARIS Aprlly Junes0, Juyl September30 Duel Date January,31 April30 July31 October31 FAILURE TOHAVE. A CURRENT PROGRESS REPORT ON FILE. AT GEMA/HS WILL RESULTI IN WITHHOLDING OF REIMBURSEMENT UNTIL THE: PROGRESS REPORTIS RECEIVED. D. Biannual Strategy Implementation Reports ("BSIR"). The Subrecipient shall complete and submit any other reports as requested by GEMA/HS and cooperate and assist GEMA/HS in complying with the DHS tracking and reporting requirements. Specifically, without limitation, Subrecipient shall submit information at the request of GEMA/HS to assist in the submission of the BSIR, and any other reports, as required. E. Grant Closeout Report. The Subrecipient shall submit a final program report detailing all accomplishments throughout the project with the: final Progress Report. After both oft these reports have been reviewed and approved by GEMA/HS, a Closeout Report will be generated indicating the project has closed F. Ifall required: reports and copies are. not sent to GEMA/HS or are: not completed in a manner acceptable to GEMA/HS, then GEMA/HS may withhold further G. The Subrecipient shall provide additional program updates or information that may and listing any remaining funds to be de-obligated. payments until they are completed or may take other action. be required by GEMA/HS. State and Local Cybersecurity Grant Program Subrecipient. Agreement FY22 Page 28 of43 XIX. AUDITS A. Audit of] Federal Funds. 1. The Subrecipient agrees to comply with the organizational audit requirements of 2 CFR Part 200, Subpart F, Audits of States, Local Subrecipient's performance under the Agreement is subject to the applicable requirements published in the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, Title 2 oft the United States Code of] Federal Regulations (C.F.R.) Part 200 hereinafter: referred to as the "Uniform Guidance." 3. Subrecipients that expend$750,000.00: ori more off federal funds during their fiscal year are required to submit an organization-wide financial and compliance audit report. Thea auditmust! bep performedin accordance with the Government Accountability Office's ("GAO") Government Auditing htp/www.gaogov/govaudyb.0l.hm, andi in accordançe with 2C.F.R. $ 200.514Scope of Audit. Audit reports are currently due to thel Federal Audit Clearinghouse no later than nine months after the end of the recipient's 4. Ifrequired to submit an audit report under the requirements of2 CFR Part 200, Subpart F, the Subrecipient shall provide GEMA/HS with written documentation showing that it has complied with the single audit requirements. Such documentation shall bei returned to GEMA/HS with this signed Agreement. The Subrecipient shall immediately notify GEMA/HS inv writing at any time that it isrequired to conduct a single audit and provide documentation within a reasonable time period showing compliance with Governments, and Non- Profit Organizations. 2. Standards, which may be accessed online at fiscal year. the single audit requirement. B. Right to Audit. Subrecipient shall give DHS, FEMA, CISA, the Comptroller General of the United States, the Georgia Department of Audits and Accounts, GEMA/HS, or any of their duly authorized representatives, access to and the right to conduct a financial or compliance audit of Grant funds received, and performances rendered under this Agreement. Subrecipient shall permit GEMA/HS or its authorized representative to audit Subrecipient's records. Subrecipient shall provide any documents, materials or information necessary to facilitate such audit. C. Subrecipient's Liability for Disallowed Costs. Subrecipient understands and agrees that it shall be liable to GEMA/HS for any costs disallowed pursuant to any financial or compliance audit(s) of these funds. Subrecipient further understands and agrees that reimbursement to GEMA/HS ofs such disallowed costs shall bej paid State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 29of43 by Subrecipient from funds that were not provided or otherwise made available to Subrecipient pursuant to this Grant or any other federal contract. D. Subrecipient's Facilitation of Audit. Subrecipient shall take such action to facilitate the performance of such audit(s) conducted pursuant to this Section as GEMA/HS may require of Subrecipient. Subrecipient shall ensure that this clause concerning the authority to audit funds received indirectly by subcontractors through Subrecipient and the requirement to cooperate is included in any E. State Auditor's Clause. Subrecipient understands that acceptance of funds under this Grant acts as acceptance of the authority of the State Auditor's Office to conduct an audit or investigation in connection with those funds. Subrecipient further agrees to cooperate fully with the State Auditor's Office in the conduct of the audit or investigation, including providing all records requested. Subrecipient shall ensure that this clause concerning the State Auditor's Office's authority to audit funds and the requirement to cooperate fully with the State Auditor's Office is included in any subgrants or subcontracts it awards. Additionally, the State Auditor's Office shall at any time have access to and the rights to examine, audit, excerpt, and transcribe any pertinent books, documents, working papers, and F. Subrecipient shall retain all records pertaining to this Agreement, regardless of the form oft thei record (e.g. paper, film, recording, electronic), including but notl limited to financial records, supporting documents, statistical records, and any other documents (hereinafterr rreferred to as "Records"): for aj period offive (5) State fiscal years after all reporting requirements are satisfied and final payments have been received, or if an audit has been initiated and audit findings through ligation or G. Subrecipient's must submit audit reports to the State of Georgia, by sendingacopy to the Georgia Department of Audits and Accounts, Nonprofit and Local Governments Audits, 270 Washington Street, SW, Room I-156, Atlanta, Georgia subcontract it awards. records of Subrecipient relating to this Grant. otherwise. 30334-8400. XX. RECORDS A. Retention and Maintenance of Records. The Subrecipient shall maintain books, records, and documents (including electronic storage media) in accordance with generally accepted accounting procedures and practices that sufficiently and properly reflect all revenues and expenditures of grant funds. All such records must be retained by the Subrecipient for ai minimum of three (3)years from the date that the DHS closes the State of Georgia's 2022 SLCGP grant. GEMA/HS will notify the Subrecipient in writing when the retention period begins. State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 30 of43 1. The following are the only exceptions to the 3-year requirement: Ifany litigation, claim, or audit is started before the expiration oft the 3- year period, then the records must bei retained until all litigation, claims, or audit findings involving the records have been resolved and final ii. When GEMA/HS or the Subrecipient is notified in writing by the Federal awarding agency, cognizant agency for audit, oversight agency for audit, cognizant agency for indirect costs, or pass-through entity to iii. Records for real property and equipment acquired with Federal funds iv. When records are transferred to or maintained by the Federal awarding agency or pass-through entity, the 3-year retention requirement is not V. Records for program income transactions after the period of performance. In some cases, recipients must report program income after the period ofperformance. Where there is such ai requirement, the retention period for the records pertaining tot the earning ofthej program income starts from the end of the non-Federal entity's fiscal year in vi. Indirect cost rate proposals and cost allocations plans. This paragraph applies to the following types of documents and their supporting records: indirect cost rate computations or proposals, cost allocation plans, and any similar accounting computations of the rate at which a particular group of costs is chargeable (such as computer usage action taken. extend the retention period. must be retained for 5 years after final disposition. applicable to the Subrecipient. which the program income is earned. chargeback rates or composite fringe benefit rates). B. Access to Records. As required by 2 C.F.R. $200.337, the Federal awarding agency, Inspectors General, the Comptroller General of the United States, and GEMA/HS, or any of their authorized representatives, shall enjoy the right of access to any documents, papers, or other records of the Subrecipient which are pertinent to thel Federal award, in order to make audits, examinations, excerpts, and transcripts. The right of access also includes timely and reasonable access to the Subrecipienfspersomel fort thej purpose ofinterview and discussion: related tos such documents. Finally, the right of access is not limited to the required retention C. Public Records. The laws of the State of Georgia, including the Georgia Open Records Act, as provided in O.C.G.A. Section 50-18-70 et seq., require period but lasts as. long as the records are retained. State and] Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 31 of43 procurement records, including pricing information, and other records to be made public unless otherwise provided by law. The Parties agree that this Agreement, any related purchase orders, related invoices, and related pricing lists willl bej public documents, and may be available for distribution. The Parties give each other express permission to make copies ofthis Agreement, any related purchase orders, related invoices, and related pricing lists. The permission to make copies as noted will take precedence over any statements of confidentiality, proprietary information, copyright tinformation, or similarn notation. D. SLCGP Specific Requirements. 1. The Subrecipient must use SLCGP funds only toj perform tasks as described int the Subrecpenfsapproyed: application for funding incorporated into this Subrecipients are required to complete the Nationwide Cybersecurity Review, ittps:/www.cisecunly.oryms-sacc/services/ncs, a free, anonymous, annual self-assessment designed to measure gaps and capabilities ofa SLT's cybersecurity programs, to benchmark and measure progress ofimprovement in their cybersecurity posture. Completion should continue annually. For more information, visit the Nationwide Cybersecurity Review's website at tpswww.dcaunyorg Subrecipients are required to participate in free cyber hygiene services, specifically vulnerability scanning and web application scanning. To register for these services, email ncrabliy@ciadhisgor with the subject line "Requesting Cyber Hygiene Services - SLCGP" to get started. Indicate in the body of your email that you are requesting this service as part of the SLCGP. For more information, visit CISA's Cyber Hygiene Subrecipients may retain a maximum ofup to five( (5)percent ofthe SLCGP grant agreement amount for management and administration activities, directly relating to the management and administration of SLCGP funds, Agreement. 2. 3. Information Page. 4. such as financial management and monitoring. E. Program-Specific Required Forms and Information. The following program- specific forms or information are required to be submitted in ND Grants as 1. SLCGP Investment Justifications. Each eligible entity is required to submit complete project-level information detailing how the program objectives and goals will be met to develop, implement, or revise its Cybersecurity Plan; establish a Cybersecurity Planning Committee; conduct assessments attachments: State and Local Cybersecurity Grant] Program Subrecipient Agreement FY22 Page 32 of43 and evaluations; and adopt key cybersecurity best practices. The FY 2022 Investment Justification must include the: following information: Only one application will be submitted by the eligible entity. It must include al brief description oft the capabilities oft the SLT agencies across the eligible entity related to the required elements oft the ii. The application will consist of up to fouri investments, one for each SLCGP objective (See Exhibit 1 for more: information on the goal and ii. Investments for SLCGP Objectives 1,2, and 3 must have at least one project. Investments for SLCGP Objective 4 are optional for thel FY 2022 SLCGP; however, it is important to note that identifying and mitigating gaps in the cybersecurity workforce, enhancing recruitment and retention efforts, and bolstering the knowledge, skills, and abilities of! personnel are still statutory requirements for Cybersecurity Plans to address even ift the eligible entity does not use grant funds to carry this iv. Requests to use: funding to address imminent cybersecurity threats must be addressed in the Investment Justification ("IJ") for Objective V. Each investment must describe how each project aligns to the Subrecipient's Cybersecurity Plan if applying fora a grant to implement or revise the Cybersecurity Plan, or will align with the entity's Cybersecurity Plan ifapplying for a grant to develop a Cybersecurity Plan. Subrecipients must also describe how implementing the plan will vi. Each project must include an explanation of how the proposed project(s) will achieve the program objectives as identified inl Exhibit 1.Ap project schedule with clearly defined milestones must also be Cybersecurity Plan. Each eligible entity is required to submit its Cybersecurity Plan that adheres to the 16 required elements identified in section 2220A of the Homeland Security Act of 2002 as amended by the BIL and included in Appendix C of the FY 2022 SLCGP DHS/FEMA NOFO unless the eligible entity is applying for funds to develop a Cybersecurity Plan as described more below. The Cybersecurity Plan must include a description of Subrecipient's roles, an assessment of capabilities foreach element, address resources and timeline fori implementing thel Plan, Cybersecurity Plan. objectives). out. 3. bei measured (metrics). included. 2. State and Local Cybersecurity Grant Program Subrecipient. Agreement FY22 Page 33 of43 and identify metrics. Subrecipient governments are encouraged to take a holistic approach in the development oft their Plan as entities must be able to sustain capabilities once SLCGP funds are no longer available. The role ofs state entities as coordinator and service provider to local entities should be encouraged and supported. For more information on the Cybersecurity Plan, please refer to Appendix C of the FY 2022 SLCGP DHS/FEMA Cybersecurity Planning Committee Membership List. The Cybersecurity Planning Committee should be seen as a platform to identify and then prioritize state-wide efforts, to include identifying opportunities to consolidate projects to increase efficiencies. Each eligible entity is required to submit confirmation that the committee is comprised of the required representatives. The Subrecipient must also confirm that at least one-halfof the representatives of the committee have professional experience relating to cybersecurity or information technology. For more information on the composition of the Cybersecurity Planning Committee, including how to leverage existing planning committees, please refer to Appendix B of the Cybersecurity Planning Committee Charter. The Cybersecurity Planning Committee Charter must be submitted with the Cybersecurity Planning Committee Membership List attached as specified in Appendix B oftheFY Cybersecurity Plan Submission Exception Request (ifapplicable). Subrecipients may request an exception to submitting their Cybersecurity Plan at the time of application. The exception request must be supported by the ChiefInformation Officer ("CIO"), Chief Information Security Office ("CISO"), or equivalent official. ii. Ifan exception is requested, SLCGP funds can only initially be used for activities that are integral to the development oft the Cybersecurity Plan or are: necessary to assist with activities that address imminent cybersecurity threats. Activities integral to the development ofa Cybersecurity Plan are limited to investments and projects aligned to Objective 1 and Objective 2 as listed in Exhibit 1. Activities to address imminent cybersecurity threats are. limited to investments and projects iii. The Subrecipient must also include a certification, either as a separate document or as part oft the applicable IJ(s), that all activities funded by the grant are integral to the development oft the Cybersecurity Plan or are: necessary to assist with activities that address imminent NOFO. 3. FY2022 SLCGP DHS/FEMA NOFO. 4. 2022 SLCGP DHS/FEMA NOFO. 5. aligned to Objective 3 as listed in Exhibit 1. State and] Local Cybersecurity Grant Program Subrecipient Agreement. FY22 Page 34of43 cybersecurity threats, as confirmed by the Secretary, acting through the CISA Director, to the information systems owned or operated by, or on behalf of, the eligible entity or a local government within the jurisdiction ofthe eligible entity. If grant funding is necessary to assist with activities that address imminent cybersecurity threats, then that iv. Subrecipient seeking funding to develop a Cybersecurity Plan must still submit IJs for Objectives 1,2, and 3, noting that they will need to be updated once the Cybersecurity Plan is completed and approved. It iss still optional to submit an IJ for Objective 4 as listed in] Exhibit1 1. V. Once the Cybersecurity Plan is completed and approved by the Cybersecurity Planning Committee and CIO, CISO, or equivalent official, the applicant must then submit updated IJs for Objectives 1,2, and 3, along with an updated IJ for Objective 4 ifone was previously submitted, to DHS with the approved Cybersecurity Plan. vi. The following is required to request an exception: should be noted on the applicable IJ. a) Statement from the Subrecipient as to why they do not have an b) High-level plan, including dates and milestones, for completing C) Signatures ofsupport from the eligible entity and CIO, CISO, approved Cybersecurity Plan; and submitting the Plan to DHS; and ore equivalent official. F. Other Federal Records Requirements. 1. In accordance with 2 C.F.R. $200.335, the Federal awarding agency must request transfer of certain records to its custody from GEMA/HS or the Subrecipient when it determines that the records possess long-term 2. In accordance with 2 C.F.R. $200.336, GEMA/HS must always provide or accept paper versions of Agreement information to and from the Subrecipient upon request. Ifpaper copies are submitted, then GEMA/HS must not require more than an original and two copies. When original records are electronic and cannot be altered, there is no need to create and retain paper copies. When original records are paper, electronic versions may be substituted through the use of duplication or other forms of electronic media provided that they are subject to periodic quality control retention value. State and] Local Cybersecurity Grant Program Subrecipient. Agreement FY22 Page 35 of43 reviews, provide reasonable safeguards against alteration, and remain 3. As required by 2 C.F.R. $200.303, the Subrecipient shall take reasonable measures to safeguard protected personally identifiable information and other information the Federal awarding agency or GEMA/HS designates as sensitive or the Subrecipient considers sensitive consistent with applicable Federal, state, local, and tribal laws regarding privacy and obligations of readable. confidentiality. G. Fusion Centers. The Subrecipient agrees that any funds utilized to establish or enhance state and local fusion centers must support the development ofa statewide fusion process that corresponds with the Global Justice/Homeland Security Advisory Council Fusion Center Guidelines and achievement ofa baseline level of 1. The Subrecipient agrees that Homeland Security Information Network must serve as the primary vehicle by which information /intelligence is shared with DHS/FEMA as part of the fusion process across the federal, state, local, regional, tribal and private sectors. All statewide information sharing and analysis centers utilizing SLCGP funds must establish connectivity with the DHS/FEMA Homeland Security Operations Center via the HSIN to comply with FEMA policy legislation as outlined in the Program capability as defined by the Fusion Capability Planning Tool. Guidance. H. The Subrecipient shall maintain all records for the Subrecipient and for all subcontractors or consultants to be paid: from funds provided under this Agreement, including documentation of all program costs, in a form sufficient to determine compliance with the requirements and objectives of the approved Budget Cost Lines and all other applicable laws and regulations. XXI. Special Conditions. A. The Subrecipient agrees to comply with thel FY2022 State and Local Cybersecurity Grant Program Agreement Articles and FY 2022 State and Local Cybersecurity Grant Program Amendment Letter, included with this Agreement as Attachment B and C, respectively. References in the attachment to "recipient" apply to the B. The Subrecipient agrees to cooperate with any assessments, national evaluation efforts, requests for information or data collection, including, but not limited to, Subrecipient' t's requirements as subrecipient. State and) Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 36 of43 thej provision ofa any information regardinganyactivities: within this agreement that C. Protected Critical Infrastructure Information. Protected Critical Infrastructure Information ("PCII") will be treated in a manner consistent with the Critical Infrastructure Information Act of 2002 ("CIIA"), 6 U.S.C. $$131 - 134, which created ai new: framework, that enables state and local jurisdictions and members of the private sector to voluntarily submit sensitive information regarding critical infrastructure to DHS/FEMA. The CIIA also provides statutory protection for voluntarily shared CII from public disclosure and civil litigation. If validated as PCII, these documents can only be shared with authorized users who agree to safeguard the information. PCII accreditation is a formal recognition that the covered government entity has the capacity and capability to receive and storel PCII. DHS requires all State Administering Agencies ("SAA") to complete the PCII accreditation process. Accreditation activities include signing a memorandum of agreement with DHS, appointing a PCII Officer, and implementing a self- D. Selected Items of Cost: The Subrecipient agrees to comply with the requirements ofOMB 2 C.F.R.Part 225, Selected Items of Cost. Physical inventories must be taken at least once every two (2) years to ensure that assets received through this Agreement exist and are in use. Governmental units willmanage and maintain may bei required for the assessment or evaluation. inspection program. equipment in accordance with State laws and procedures. E. Environmentall Historical Preservation ("EHP"). 1. The Subrecipient shall comply with all applicable federal, state, and local environmental and historic preservation ("EHP") requirements and shall provide any information requested by FEMA or GEMA/HS to ensure compliance with applicable laws and regulations, including: Federal EHP regulations, laws, and Executive Orders; National Environmental Policy Act; National Historic Preservation Act; Endangered Species Act; and Executive Orders on Floodplains (11988), Wetlands (11990), and Environmental Justice (12898). Failure of the Subrecipient to meet federal, state, and local EHP requirements and obtain applicable permits may jeopardize federal funding. The Subrecipient shall not undertake any project having the potential to impact EHP resources without prior approval from FEMA, through GEMA/HS, including but not limited to communications towers, physical security enhancements, new construction, modifications to buildings, and replacement of facilities. The Subrecipient shall coordinate with GEMA/HS regarding any activities using grant funding that requires specific documentation of compliance with federal laws and/or regulations. 2. The Subrecipient shall provide any information requested by GEMA/HS or FEMA to ensure compliance with applicable federal EHP requirements. State and Local Cybersecurity Grant Program Subrecipient. Agreement FY22 Page 37 of43 Any change to the approved project ors scope of work will require re- evaluation for EHP compliance. If ground-disturbing activities may occur during project implementation, the Subrecipient must ensure monitoring of ground disturbance, and, if any potential archeological resources are discovered, the recipient willimmediately cease construction int thatareaand notify GEMA/HS, and the Georgia Department of Natural Resources, 3. The Subrecipient shall not undertake any project using SLCGP funding to which the National Environmental Policy Act (NEPA) requirements are applicable without first obtaining writtenapproval from FEMA, through GEMA/HS. The Subrecipient shall coordinate with GEMA/HSregarding any activities using grant funding that requires specific documentation of 4. Any construction activities initiated prior to the full environmental and historic preservation review and evaluation will result in ai non-compliance 5. For more information regarding FEMA's EHP requirements, the Subrecipient should refer to the FY 2022 SLCGP DHS/FEMA NOFO (Attachment H) and FEMA's information Bulletins 329, 345, 356, 371, itps/www.iema.gvgrantyloolsenvrommenta-nisioric/preparation- Georgia State Historic Preservation Division. NEPA compliance. finding and will not be eligible for SLCGP funding. 404, resources. and 404 available at F. Federal Funding Accountability and Transparency Act ("FFATA"). 1. All new subawards under this grant of $30,000 or more are subject to FFATA reporting requirements. The Subrecipient is responsible for providinganyi information: requested by GEMA/HS1 to completetherequired 2. Unless exempt, the Subrecipient shall report the names and total compensation of its five most highly compensated executives for its preceding completed fiscal year. This reporti is onlyrequired if: Inthe Subrecipient's; preceding fiscal year, the Subrecipient received 80 percent or more of itsannual gross revenues from federal procurement contracts and subcontracts and: federal finançial assistance: subject tot the Transparency Act, as defined at 2 CFR 170.320 (and subawards); and ii. The public does not have access to information about the compensation of the executives through periodic reports filed under section 13(a) or report. State and Local Cybersecurity Grant Program Subrecipient. Agreement FY22 Page 38 of43 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m(a), 78o(d)) or section 61104 ofthe Internal Revenue Code of1986. iii. Additional information regarding the FFATA requirements can be found at the following links: a) ntp/www.remagov/ai/pvemmentgnnlgrantbuletinsintos 50.pdf b) www.fsrs.gov. G. National Incident Management System (NIMS) 1. National Initiatives: Prior to allocation of any Federal preparedness awards in FY 2022, Subrecipients must ensure and maintain adoption and implementation of the NIMS. Although not required by DHS/FEMA, GEMA/HS requires SLCGP Subrecipients to maintain the adoption and implementation of NIMS. DHS/FEMA describes the specific training and activities involved inl NIMS implementation in thel NIMS Training Program tps/www.emagov/training-0and the NIMS Implementation Objectives htps/www/femagov/mplamentatiorgudidance-amd-reporting 2. Incident management activities require carefully managed resources (personnel, teams, facilities, equipment, and/or supplies). Utilization oft the standardized resource management concepts' such as typing, credentialing, and inventorying promote a strong national mutual aid capability needed to support the delivery of core capabilities. Recipients should manage resources purchased or supported with DHS/FEMA grant funding according to NIMS resource: management guidance. Additional information on resource management and NIMS resource typing definitions and job titles/position qualifications are available on DHS/FEMA's website at htps/www.femagovisouremanasement-mulual-aid. H. Disposition of Equipment Acquired Under the Federal Award (Article XLVIII). For purposes of original or replacement equipment acquired under this award by a non-state recipient or non-state subrecipients, when that equipment is no longer needed fori the original project or program or for other activities currently or previously supported by a federal awarding agency, you must request instructions from FEMA to make proper disposition of the equipment pursuant to 2C.F.R. section 200.313. State recipients and state subrecipients must follow the disposition requirements in accordance with statel laws and procedures. The Subrecipient understands and agrees that for any copyrightable work based on orc containing data first produced under this. Agreement, the Subrecipient shall grant the government ai royalty- free, nonexclusive, and irrevocable license to reproduce, I. State and) Local Cybersecurity Grant Program Subrecipient. Agreement FY22 Page 39 of43 display, distribute, perform, disseminate, or prepare derivative works, and to authorize others to do sO, for government purposes on all such copyrighted works. The Subrecipient shall affix the applicable copyright notices of1 17 U.S.C. $401 or 402 and an acknowledgment of government sponsorship, including the grant award J. If the Subrecipient is found to be in violation of any of the conditions of this agreement, including any attachments hereto, or ofapplicable federal and statel laws orr regulations, in addition to any other reçourse available, GEMA/HS shall notify the Subrecipient that additional funds in connection with which the violation occurred will be withheld until such violation has been corrected tot the satisfaction ofGEMA/HS. In addition, GEMA/HS may withhold or require repayment of any portion of the financial award which has been or is to be made available to the Subrecipient, or retained and obligated or expended on behalf of the Subrecipient, for other projects under this program until adequate corrective action is taken. number, to any work first produced under this grant award. XXII. MISCELLANEOUS TERMS A. Headings. The headings in this Agreement are inserted for reference and convenience only and shall not enter into the interpretation hereof. B. Severability. Ifany oft thej provisions oft this Agreement shall bel held by a court or other tribunal ofo competent jurisdiction to bei illegal, invalid, or unenforceable, such provisions shall be limited or eliminated to the minimum extent necessary sO that C. Survivability. This Agreement shall remain in full force and effect to the end of the specified term or until terminated pursuant to this Agreement. All obligations oft the Parties incurred or existing under this Agreement as ofthe date ofexpiration or termination will survive the termination or expiration oft this Agreement. D. Assignment. A Party may, nor will it have the power to, assign or novate this E. Dispute Resolution. In the event of any conflict involving activities conducted pursuant to this Agreement, the Parties will make reasonable efforts to informally resolve the issue. An attempt will first be made by the respective Parties organizations toi resolve thei issue at the stafflevel. Ifthe matter cannot be resolved, the issue will be discussed by the respective decision-makers. Nothing in this section shall be construed to restrain the Parties from issuing correspondence, or other formal written communications to document or clarify an issue that is in this Agreement shall otherwise remain in full force and effect. Agreement with the consent oft the other Parties. conflict or dispute. State and Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 40 of43 F. Sanctions. If a Subrecipient materially fails to comply with the terms and conditions of an award, GEMA/HS or DHS/FEMA may take one or more oft the 1. Temporarily withhold cash payments pending correction of the deficiency following actions, as appropriate in the circumstances: by the Subrecipient. 2. 3. Disallow (that is, deny both use off funds and any applicable matching credit for) all or part oft the cost oft the activity or action not in compliance. Wholly or partly suspend or terminate the current award. 4. Withhold future awards for the project or program. Pursue any other legal remedy that may be available, SLCGP grant funding to another local jurisdiction. 5. 6. Require reassignment of any tangible or intangible items purchased with G. Reservation of Rights. This Agreement will in no way diminish or otherwise affect the Parties' authority to fully carry out their rights and responsibilities under applicable laws and regulations nor will it affect the Parties' abilities or rights to raise any defenses available under law in the event that one Party initiates an administrative or judicial enforcement action against another Party. Subject to applicable security, classification, and other confidentiality laws and regulations, nothing in this Agreement shall be construed to prohibit the Parties from using information developed under this Agreement in furtherance of their statutory duties, rights, and obligations. H. Parties' Signature and Authority. The Parties' representatives, in signing this Agreement, sign only as properly authorized representatives of their respective Parties and do not assume any personal liability thereby. The Parties' representatives executing this Agreement warrant that they have full and current legal authority to act and contract on behalf oft their Parties. 1. Under this Agreement, GEMA/HS will execute the interests and responsibilities of the Recipient. The individual designated to represent the State of Georgia is James C. Stallings, Authorized Recipient Official. The State has designated Linda Cribleza as thel Program Manager ofthis program. The Subrecipient's. Authorized Official has the authority to legally bind the Subrecipient and will execute the interests and responsibilities of the Subrecipient. The Subrecipient's Authorized Official is the person whose name and signature appear on page ten (10) ofthis agreement. State and Local Cybersecurity Grant Program Subrecipient. Agreement FY22 Page 41 of43 XXIII. Entire Agreement: Waiver; Signature and Delivery. This Agreement, including the incorporated Attachments and Exhibits, supersedes all prior agreements, both verbal and written, and any discussions and writings and constitutes the entire agreement between the Parties with respect to the specific subject matter hereof. No waiver or modification oft this Agreement will be binding upon any. Party unless made in writing and signed by a duly authorized representative of such Party and no failure or delay in enforcing any right shall be deemed a waiver of such right. Execution and delivery ofthis. Agreement electronically is hereby deemed valid and effective, and a signed facsimile or electronic copy is hereby deemed an original for all purposes. (SIGNATURES ON FOLLOWINGPAGE) [THIS SPACE! HAS BEEN INTENTIONALLYLEFTI BLANK] State and) Local Cybersecurity Grant] Program Subrecipient. Agreement! FY22 Page 42 of43 SIGNATURE PAGE IN WITNESS WHEREOF, the Parties state and affirm that they are duly authorized to bind their respective entities designated below as of the day, month, and year indicated. GEORGIA EMERGENCY MANAGEMENTAND HOMELAND SECURITY. AGENCY Rockdale (county) (NAME OF SUBRECIPIENT) BAoh Signature Signature Osborn Nesbitt Sr. Printed Name of Signatory Chairman Title of Signatory 10 Date of Signature 58-6000882 Agency FEID (XX-XXXXXXX) YGJKXDVLANN8 Agency UEI Number XXXXXXXXX) Printed Name of Signatory Title ofSignatory 10 Date ofSignature 03 2024 03 2024 State andl Local Cybersecurity Grant Program Subrecipient Agreement FY22 Page 43of43