State and Local Cybersecurity Grant Program (SLCGP)

Overview

Through the Infrastructure Investment and Jobs Act (IIJA) of 2021, Congress established the State and Local Cybersecurity Improvement Act, which established the State and Local Cybersecurity Grant Program, appropriating $1 billion nationwide to be awarded over four years. In FY 2022, $183.5 million is available nationwide under the SLCGP, with varying funding amounts allocated over four years from the IIJA. Each state and territory will receive a funding allocation as determined by the statutory formula. 80% of total state allocations must support local governments, while 25% of the total state allocations must support rural areas/jurisdictions; these amounts may overlap.

On December 27, 2022, California was successfully awarded $7,976,788 for SLCGP first-year funding (federal FY22) with Cal OES formally accepting the award on January 23, 2023. The FY22 award has a period of performance of December 1, 2022 to November 30, 2026. Now that California’s Cybersecurity Plan has been approved, disbursement of these funds is awaiting approval of individual projects named in the plan, and funds will be released to California per-project as those projects are approved. All awarded program funds are available throughout the program period of performance (federal FY22 – FY25) – there is no requirement to spend the funds within the associated award year. Note that the state-level projects identified in the Cybersecurity Plan encompass all sub-recipient applications that will subsequently align to those projects (including local level project proposals submitted if that option is chosen instead of in-kind services).

On August 8, 2023, FEMA announced $15,879,497 would be allocated to California for second-year funding (see FY23 NOFO).Cal OES applied for this on behalf of the state by the deadline of October 6, 2023 and was awarded federal FY23 funding on December 8, 2023. The FY23 award has a period of performance of December 1, 2023 to November 30, 2027.

As the State Administrative Agency, Cal OES will administer the funds pursuant to California’s SLCGP allocation. The IIJA requires the funds to be allocated according to a state cybersecurity plan developed by a cybersecurity planning committee.

The California Cybersecurity Integration Center (Cal-CSIC) formed a subcommittee of the California Cybersecurity Task Force called the Cybersecurity Investment Planning Subcommittee for this purpose (CCTF-CIPS) in late 2022. The CCTF-CIPS serves as the planning committee for purposes of the grant program and is open to all potential grant recipients.

Cal OES is coordinating closely with our federal partners at FEMA and CISA to ensure all grant requirements are met. The state’s application was completed and approved by FEMA, which ensured full first-year funding is available to the state and will not restrict or limit options for subrecipients.

Cybersecurity Plan

In coordination with the CCTF-CIPS and the Department of Technology, the Cal-CSIC and OES developed California’s initial SLCGP Cybersecurity Plan which is posted here:

California’s SLCGP Cybersecurity Plan v1.5.5 (September, 2023)

All funding allocation decisions will be made in accordance with the Cybersecurity Plan and SLCGP requirements.

SLCGP Application Process for Sub-Recipients

If you are an eligible sub-recipient for the SLCGP (see FY23 NOFO page 14), then you will apply to Cal OES once the application process is established and posted on this website. Applications will be evaluated and awards allocated in accordance with the Cybersecurity Plan posted above.

However, the application process is not ready at this time – please come back later and/or subscribe to the CCTF-CIPS distribution list for updates (see below).

CCTF-CIPS Contact and Distribution List

If you are interested in receiving updates related to the SLCGP program and/or would like to be involved in the efforts of the CCTF-CIPS, please reach out to the Cal OES SLCGP Planning Team at CCTF-SLCGP@CalOES.ca.gov

Note: CCTF-CIPS membership and inclusion on this contact list for information updates is limited to government officials who are potential sub-recipients and representatives they specifically designate for this purpose.

Program Timeline

  • August 2022: Cal OES and the Cal-CSIC formed the CCTF-CIPS
  • September 2022: SLCGP FY22 Notice of Funding Opportunity (NOFO) published
  • November 2022: Cal OES Applied for FY22 SLCGP on behalf of California
  • December-January 2023: California Awarded $7.9 Million First-Year Funding
  • February-March 2023: Formed CCTF-CIPS Working Groups
  • March-May 2023: Conducted Statewide Cybersecurity Capabilities Assessment
  • June-August 2023: Developed California SLCGP Cybersecurity Plan
  • September 2023: Submitted Final Plan To FEMA/CISA For Approval, Plan Approved by DHS
  • October 2023: Cal OES applies to FEMA on behalf of California for FY23
  • Late February 2024 (estimated): Cal OES will announce SLCGP sub-recipient application process – this will be the first time at which sub-recipients will be able to apply for this program. There will be separate applications for cash proposals vs. in-kind services in lieu of cash. The cash request for proposals (RFP) will be posted first. More details coming soon via this website and the SLCGP distro.

Notices of Funding Opportunity (NOFOs)

Resources

The following list of CISA resources are recommended products, services, and tools at no cost to the state, local, tribal, and territorial governments, as well as public and private sector critical infrastructure organizations.