Cybersecurity Grant Program

The Cybersecurity Grant Program, offered through the New York State Division of Homeland Security and Emergency Services (DHSES), is a targeted funding initiative designed to help local jurisdictions enhance their cybersecurity capabilities. Supported by up to $1,750,000 in federal FY2023 State Homeland Security Program (SHSP) funding, this competitive grant provides individual awards of up to $50,000 for eligible applicants. DHSES recognizes that increasing reliance on digital systems across local government sectors—from emergency services to utilities—has exposed these systems to heightened cybersecurity threats. The CEPA risk assessment identified cybersecurity incidents as the highest-rated adversarial threat statewide, while simultaneously highlighting weaknesses across policy, training, and technology. This grant aims to address those gaps. The program’s main objectives are fivefold: to improve cybersecurity infrastructure through funding for hardware, software, and training; to conduct vulnerability and risk assessments using the CIS Controls framework; to implement user-level training and organizational policies to support good cyber hygiene; to establish actionable response and recovery plans; and to promote participation in statewide and national cybersecurity networks. DHSES encourages applicants to use the Center for Internet Security (CIS) Controls Implementation Group 1 safeguards to guide their application and provides a modified assessment tool within the application materials to support this process. Applicants may use funding for planning, equipment purchases, training, and exercises, provided these align with SHSP guidance. Examples of permissible expenses include firewalls, malware detection software, consultant services for planning, end-user training, and cybersecurity exercises. However, the program does not permit spending on administrative overhead, personnel hiring, or construction-related costs. Detailed cost guidance is included in Exhibit A of the RFA. Only New York State counties and municipal governments (cities, towns, villages) are eligible to apply. Each jurisdiction may submit only one application, and coordination is encouraged to avoid duplicates. Applications must be submitted via the DHSES E-Grants system by 5:00 PM ET on December 4, 2025. Applicants must also submit a detailed Application Worksheet in Excel format, which includes budget narratives, a CIS Controls Assessment, and a multi-year sustainability plan. A key requirement is participation in the Nationwide Cybersecurity Review (NCSR). The evaluation process uses a two-tiered system. Tier 1 confirms submission completeness and eligibility, while Tier 2 applies a 100-point scoring rubric across five categories, including CIS Controls Assessment, budget alignment, and long-term planning. Unfunded applicants from prior years receive 5 bonus points. Grant award notifications are expected in early 2026, and awarded projects must be completed by August 31, 2026. This program is anticipated to recur annually; thus, applicants should plan for ongoing maintenance beyond the award period.

Projects aligning with CIS Controls Group 1 are favored; inconsistent budgets may reduce scores; use free training resources before requesting funding.