FFY 2024 State & Local Cybersecurity Grant – Local & Tribal (SL)

The California Governor’s Office of Emergency Services (Cal OES), through its Homeland Security & Emergency Management (HSEM) Branch, administers the State and Local Cybersecurity Grant Program (SLCGP) for Local and Tribal entities in Federal Fiscal Year 2024. This initiative is part of a broader effort established under the Infrastructure Investment and Jobs Act of 2021 to strengthen the cybersecurity resilience of state, local, and tribal (SLT) governments. The program is intended to address systemic cyber risks and bolster the security of information systems that support critical infrastructure and public services. This competitive funding opportunity, officially released on January 16, 2026, is governed by the requirements set forth in this Request for Proposal (RFP) and the federal Notice of Funding Opportunity (NOFO), alongside the California State Supplement. The program’s primary objectives are structured around enhancing cyber governance, conducting risk assessments, implementing mitigation strategies, and developing a qualified cybersecurity workforce. All funded projects must align with at least one of the four objectives articulated by the Cybersecurity and Infrastructure Security Agency (CISA): Governance and Planning, Assessment and Evaluation, Mitigation, and Workforce Development. Furthermore, the California Cybersecurity Task Force’s subcommittee has prioritized several key initiatives such as increasing system resilience, establishing risk-based mitigation processes, workforce capacity building, and improving rural access to cybersecurity resources. Applicants are expected to propose projects that reflect these statewide and federal priorities, demonstrating alignment with the state’s approved cybersecurity plan. Eligible applicants include local governments and federally recognized tribes in California, provided they meet definitions established in federal code. However, entities previously funded under FFY22 or FFY23 cycles of the SL Program are ineligible for this round. Applicants must submit proposals via email in PDF format by 11:59 PM (PDT) on Friday, March 13, 2026. Submissions must include three mandatory components: the Notice of Interest (NOI), the Project Worksheet (Excel format), and the Cybersecurity Maturity Survey. These documents must be completed using Cal OES-provided templates and should not be altered. The Cybersecurity Maturity Survey must be submitted as a PDF attachment. Proposals failing to include all required documents or that do not comply with submission requirements will be deemed ineligible. The total funding available for the FFY24 cycle is $9,682,381, with each applicant eligible to request up to $250,000. Projects must span a 24-month performance period from July 1, 2026, through August 31, 2028. A 30% match, either cash or third-party in-kind, is required for all projects; no waivers are permitted. Funds can be used for a variety of activities including planning, organization, training, exercises, equipment procurement, and management and administration (M&A). However, costs such as cybersecurity insurance, ransom payments, and land acquisition are explicitly prohibited. Up to 5% of the subaward can be used for M&A, and indirect costs are allowed following guidance provided in the state supplement. Project proposals will be reviewed and rated by a three-member evaluation panel based on completeness, clarity, and alignment with program goals. Ratings range from "Absent" to "Excellent." Final funding decisions are made by the Director of Cal OES, who may also consider geographic distribution and prior grant compliance performance. Applicants designated as rural (defined by populations under 50,000) will be evaluated separately until the federal 25% rural pass-through requirement is met. Funding decisions will be communicated electronically, with outcomes classified as "Intent to Fund," "Denial," or "Ineligibility." Successful applicants must finalize grant documentation within 60 days of receiving an "Intent to Fund" notice. This includes securing a Unique Entity Identifier through SAM.gov and confirming eligibility status. Once the subaward is executed, recipients may submit payment requests for allowable costs incurred on or after July 1, 2026. Subrecipients must also participate in CISA’s Cyber Hygiene vulnerability scanning program and submit annual performance progress reports during the performance period. The final report is due by September 29, 2028. Failure to meet reporting requirements may result in funding suspension or termination.

Ensure exact formatting and attachment inclusion to avoid disqualification; follow all instructions precisely.