Back

How Nonprofits Win a 2026 Security Grant (and Actually Get Protected)

Nonprofits can request up to $200,000 per site from the FY 2026 NSGP. How the grant works, how it's scored, and how to fund real-time protection.

Stu Waters
Stu Waters
Jul 13, 2026

Threats against houses of worship, schools, and community organizations keep rising, but the budget to defend against them rarely keeps pace. That gap is what the Nonprofit Security Grant Program exists to close. For FY 2026, FEMA has made $300 million available, and eligible organizations can request up to $200,000 per site across as many as three sites, with no matching funds required.

Winning the grant is hard. So is spending it in a way that actually changes anything. A lot of applications end up funding hardware that records incidents after they happen, when the same money could fund a system that helps catch them in real time. This guide covers how the program works, how reviewers score it, and how to build a request that protects more of your people per dollar.

Two funding programs, one goal

The NSGP is the largest federal funding source dedicated to protecting at-risk nonprofits, including houses of worship, schools, community centers, and service organizations. FY 2026 offers $300 million nationally, capped at $200,000 per site and $600,000 across three sites, with no cost-share.

California nonprofits have a second path. The California State NSGP is a state-funded program focused on organizations at risk of hate-based crimes, and it ran $76 million in its most recent cycle. You don't have to pick one. A lot of organizations phase projects across both, using one program to fund what the other can't.

Who can apply, and where

You need to be a 501(c)(3) that can show elevated risk of a terrorist, extremist, or (for the state program) hate-based attack tied to your ideology, beliefs, or mission.

Three logistics catch first-time applicants. First, you apply through the state, not FEMA. In California that means Cal OES, which reviews and scores applications before forwarding them to FEMA, and it sets its own deadline earlier than the federal one. Second, you have to pick the right funding stream. NSGP-UA is for organizations inside FEMA-designated high-risk urban areas like the Bay Area, and NSGP-S is for everyone else. Apply to the wrong one and you're disqualified, full stop. Third, you need a Unique Entity Identifier from SAM.gov. It's free, but registration can take weeks, so start it before you touch anything else.

What reviewers score: threat, vulnerability, consequence

Reviewers aren't grading effort. They score how tightly you connect a documented threat, a specific vulnerability, and a serious consequence, and whether the equipment you request resolves that chain. The rubric is published right in the funding notice, so write to it directly.

A few things move the score more than anything else:

  • Be specific about the threat. "Crime is rising nationally" scores poorly. "We got threatening emails in March (police report #), and two similar organizations nearby were vandalized this year" scores well. Start an incident log today, with dates, report numbers, and photos.
  • Mirror your assessment. Every vulnerability you cite and every item you request has to trace back to a finding in your vulnerability assessment. Reviewers cross-check.
  • Measure consequence in people. Congregation size, students enrolled, peak occupancy. You're protecting people, not property, and that's what justifies the money.
  • Request capability, not equipment. An application for "cameras" asks reviewers to fund recording. An application for real-time detection tells them what changes: threats caught as they happen, staff alerted in seconds, response coordinated instead of scrambled.
  • Show sustainment. A sentence or two on how you'll absorb the ongoing costs into your operating budget after the grant period ends.

One more edge worth knowing. Organizations that have never received NSGP funding earn bonus points, 15 in the most recent cycle. If this is your first application, your odds are meaningfully better than you'd think. Say so.

The three documents that do the work

A complete application rests on three pieces, and reviewers check them against each other.

The Investment Justification is the scored application. It's a fillable PDF with strict space limits. No attachments, no addendums, always the current-year form, always kept digital. A scanned copy is disqualified.

The Vulnerability Assessment is the evidence behind every request. You need one per physical address, and it has to be recent. CISA runs these at no cost, and Cal OES publishes a free worksheet and webinar if you'd rather do it yourself with local law enforcement.

The Mission Statement is short. Who you are and who you serve. Put anything here that raises your risk profile, like your community, your beliefs, and the activities that make you a target.

The mistakes that disqualify people every year

These aren't scoring deductions. They're hard rejections, and reviewers see them constantly:

  • A scanned or printed-and-signed IJ instead of the fillable PDF.
  • Last year's IJ form.
  • Going over the space limits, or attaching addendums.
  • Applying to the wrong funding stream.
  • An incomplete package, or one assessment covering multiple addresses.

Two more things to know before you win. NSGP is a reimbursement grant, so you spend first and get paid back, and anything you spend before the award date isn't covered. And installation needs FEMA Environmental and Historic Preservation approval before anything gets mounted or drilled. That one matters a lot for older buildings, so don't schedule the install until you've cleared it.

Getting more protection per grant dollar

Because funding is capped per site, the real question isn't how much hardware you can buy. It's how much of your building you can actually protect with the money you're allowed to request.

That's where recording and real security part ways. A camera that only records buys you footage to review after something has already happened. What changes the math is connecting your cameras, doors, visitor check-in, and emergency workflows into one system that watches activity as it happens and flags a threat while there's still time to act on it. Instead of piecing together what went wrong afterward, staff get alerted in the moment and can coordinate a response.

That's also the exact chain reviewers are scoring. Real-time detection spots things like firearms, unauthorized entry, and safety events as they occur, alerts staff in seconds, and ties the response together. It's the difference between an application that funds a recorder and one that funds prevention.

How Coram fits

Coram adds real-time AI detection for weapons, intrusions, and safety events to the cameras you already own, and it works with your existing infrastructure, so there's no rip and replace. It's one platform across video, access, visitors, and emergency response rather than four disconnected tools. For a capped grant, that shows up in three practical ways.

More protection per dollar. Since funding is capped per site, upgrading your existing cameras with AI detection usually covers more of your facility than replacing hardware would, and that's the kind of efficiency reviewers notice. [ADD A REAL EXAMPLE IF YOU HAVE ONE, e.g. a site that covered every entrance by upgrading existing cameras instead of replacing them.]

A budget built on real numbers. You get an itemized quote and bill of materials you can drop straight into your IJ budget, so your line items use real figures instead of estimates.

Application-ready language. We help you describe each item as a capability tied to a specific assessment finding, which is exactly what the rubric rewards.

Start this week

FEMA released the FY 2026 funding notice on June 24, 2026, and state deadlines follow within weeks. The state-funded CSNSGP usually opens its next window in the fall. Even if you don't make this cycle, the work you do now carries forward. The assessment, the incident log, and the first-time bonus all stay intact for the next window.

So this week: confirm the Cal OES deadline and download the FY 2026 IJ form from the Cal OES Infrastructure Protection Grants page, register for a UEI at SAM.gov, book a vulnerability assessment through CISA (or complete the Cal OES worksheet with local law enforcement), start your threat and incident log, and get itemized vendor quotes so your budget runs on real numbers.

If you want a hand mapping your assessment findings to a capability-based budget, we'll walk your team through the assessment, the budget, and the application at no cost. Book a walkthrough with Coram →

FAQ

How much money can my nonprofit get from the NSGP?
Who is eligible to apply?
Do I apply to FEMA directly?
What's the difference between NSGP-UA and NSGP-S?
What documents do I need to submit?

Get an Instant Quote