FFY 2024 State & Local Cybersecurity Grant – State Agency (SG)

The State and Local Cybersecurity Grant – State Agency Program is a federally supported initiative administered by the California Governor’s Office of Emergency Services (Cal OES), Homeland Security & Emergency Management (HSEM) Branch. Funded through the Infrastructure Investment and Jobs Act of 2021, this program is designed to strengthen cybersecurity infrastructure and risk mitigation strategies among California state agencies. Managed in alignment with guidance from the U.S. Department of Homeland Security (DHS) and the Federal Emergency Management Agency (FEMA), this grant opportunity emphasizes sustainable cybersecurity planning and implementation, focusing on the resilience of state-operated information systems and critical infrastructure. Cal OES, serving as the State Administrative Agency (SAA), leads program oversight and fund distribution under the State and Local Cybersecurity Grant Program (SLCGP), which spans fiscal years 2022 through 2025. This specific program round provides a total of $1,815,446 in funding for eligible state agencies, with a maximum subaward of $250,000 per applicant for a 24-month performance period running from July 1, 2026, through August 31, 2028. A mandatory 30% match is required, either in cash or through third-party in-kind contributions. The purpose of the grant is to enable state entities to identify, assess, mitigate, and address cybersecurity vulnerabilities. Funds may be used for planning, organization, training, equipment acquisition, exercises, and indirect management costs. All funded activities must align with the California SLCGP Cybersecurity Plan and conform to federal and state regulations outlined in documents such as the FEMA Preparedness Grants Manual and Title 2 of the Code of Federal Regulations. Eligibility for this grant is limited to state agencies in California that have not received SG Program awards in fiscal years 2022 or 2023. Only one proposal per applicant will be considered, and the highest-scoring eligible proposal will be selected if multiple submissions are received. Applicants must be registered in the federal System for Award Management (SAM) and have a Unique Entity Identifier. They must not have any exclusion records in SAM at the time of subaward issuance. Proposals must be submitted via email in PDF format to the designated Cal OES inbox by 11:59 PM PDT on Friday, March 13, 2026. Submissions via cloud-based platforms like Google Drive or Dropbox will not be accepted. A complete proposal includes three required components: the Notice of Interest (NOI), the Project Worksheet, and the Cybersecurity Maturity Survey. Each component is evaluated for alignment with program goals and thoroughness of planning. The Cybersecurity Maturity Survey, while not scored, must be completed and submitted as a PDF. Evaluation of proposals is conducted by a three-member panel based on a scale from Absent to Excellent, with final funding decisions made by the Director of Cal OES. Key selection factors include the proposal’s numerical score, geographic distribution considerations, and the applicant’s past grant compliance performance. Projects must address one or more of the four objectives established by the Cybersecurity and Infrastructure Security Agency (CISA): Governance and Planning, Assessment and Evaluation, Mitigation, and Workforce Development. Subrecipients must also participate in the federal Cyber Hygiene Service – Vulnerability Scanning. The Program strongly encourages alignment with national best practices, including multi-factor authentication, data encryption, and enhanced system logging, among others. Special attention is also given to initiatives that bolster cybersecurity preparedness in rural communities and ensure continuity of operations. All awards are contingent on the passage of the California State Budget and formal grant approval. Subrecipients will be notified via email regarding award decisions. The annual Performance Progress Reports (PPRs) are required and must be submitted to Cal OES within 30 days after each reporting period’s conclusion. The first report will cover July 1, 2026, through June 30, 2027, and the final report will cover July 1, 2027, through August 31, 2028. Non-compliance with reporting requirements may result in grant reduction or termination.

Ensure proposals align with cybersecurity plan objectives and adopt federal best practices; strictly follow formatting and submission rules.