State and Local Cybersecurity Grant

The 2024-25 State and Local Cybersecurity Grant – Local and Tribal (SL) CFO is a program designed to bolster the cybersecurity posture of local governments, including school districts and special districts, and federally recognized tribes within California. Its overarching mission is to assist these entities in addressing cybersecurity risks and threats to information systems, thereby enhancing the security of critical infrastructure and ensuring the resilience of essential community services. This grant directly aligns with a foundation's strategic priority to strengthen public sector resilience and protect vital community functions from digital threats, embodying a theory of change that by investing in local cybersecurity capabilities, overall societal stability and service delivery are improved. The target beneficiaries of this grant are local governments and federally recognized tribes located in California, as defined by federal statutes. The impact goals are directly tied to the grant's objectives, aiming for significant improvements in cybersecurity capabilities. Expected outcomes include the development of robust governance structures and incident response plans, a clearer understanding of cybersecurity weaknesses through continuous assessment, the implementation of strong security protections, and a better-trained cybersecurity workforce. These measurable results will contribute to a more secure digital environment for communities, ensuring continuity of operations and protection of sensitive data. The program's priorities and focuses are structured around four key objectives established by CISA. Objective 1 emphasizes Governance and Planning, encouraging the establishment of appropriate governance and plans to improve incident response and continuity. Objective 2, Assessment and Evaluation, focuses on identifying areas for improvement through testing and structured assessments. Objective 3, Mitigation, is about implementing security protections commensurate with identified risks, adhering to best practices. Finally, Objective 4, Workforce Development, aims to ensure personnel are adequately trained in cybersecurity in line with the National Initiative for Cybersecurity Education. These objectives guide applicants in developing projects that address specific areas of cybersecurity improvement. In addition to the objectives, the grant highlights several key Cybersecurity Best Practices as priorities for project development. These include implementing multi-factor authentication, enhanced logging, and data encryption for data at rest and in transit. The grant also prioritizes ending the use of unsupported/end-of-life software and hardware accessible from the internet, prohibiting known/fixed/default passwords, ensuring the ability to reconstitute systems through backups, and actively engaging in bidirectional information sharing with CISA. Migration to the .gov internet domain is another emphasized practice. Applicants are encouraged to describe projects that address these areas, utilizing a whole-community approach to enhance cybersecurity capabilities.