2024-25 State and Local Cybersecurity Grant - State Agency

The 2024-25 State and Local Cybersecurity Grant – State Agency (SG) CFO, provided by the California Governor’s Office of Emergency Services (Cal OES), aims to bolster the cybersecurity posture of California state agencies. Its core mission is to mitigate cybersecurity risks and threats to information systems, safeguarding critical infrastructure and ensuring the uninterrupted delivery of essential services to communities across all counties in California. This grant aligns with a broader strategic goal of enhancing the state's resilience against evolving cyber threats. The primary beneficiaries of this grant are agencies of the State of California. The grant's impact goals are centered around improving the security of information systems and critical infrastructure, thereby ensuring the continuity and reliability of public services. By addressing cybersecurity vulnerabilities, the program seeks to protect sensitive data, prevent service disruptions, and maintain public trust in government operations. The program prioritizes projects that align with four key objectives established by CISA. Objective 1, Governance and Planning, focuses on developing robust governance structures and plans for incident response and operational continuity. Objective 2, Assessment and Evaluation, emphasizes continuous testing, evaluation, and structured assessments to identify areas for cybersecurity improvement. Objective 3, Mitigation, involves implementing security protections commensurate with identified risks, adhering to best practices outlined in cybersecurity plans. Finally, Objective 4, Workforce Development, aims to ensure that organization personnel are adequately trained in cybersecurity, in line with the National Initiative for Cybersecurity Education. The expected outcomes of this grant include a more secure and resilient cybersecurity infrastructure across California state agencies. Measurable results will stem from the successful implementation of projects that address the stated objectives, leading to improved incident response capabilities, a reduction in cybersecurity vulnerabilities, and a more cyber-aware workforce. While specific metrics are not detailed, the program's theory of change posits that by investing in these key areas, California will significantly enhance its ability to prevent, detect, and respond to cyberattacks, ultimately protecting its citizens and critical assets.