State & Local Cybersecurity Grant Program

Additional resources

Cyber Resilience Review
Cyber Resource Hub
Cybersecurity Plan Template
Free Cybersecurity Services and Tools
Ransomware Guide (Sept. 2020)
State and Local Cybersecurity Grant Program Fact Sheet
Webinars:
- SLCGP Application Webinar (June 17, 2025)

April 2026

The next round of funding for the State and Local Cybersecurity Grant Program (SLCGP) in Washington state is expected to open in May 2026. This is currently the last year of four rounds of funding under the bi-partisan Infrastructure Investment Jobs Act (IIJA).

Eligible entities—including local governments, Tribal governments, K–12 school districts, and special purpose districts—will have the opportunity to apply for funding to support cybersecurity planning, training, exercises, and technology improvements that strengthen the security and resilience of critical services.

Application instructions and materials will be posted on this page when the solicitation opens. Interested applicants are encouraged to sign up for the SLCGP interest list to receive notification when the application becomes available.

The Protecting Information by Local Leaders for Agency Resilience (PILLAR) Act, which would renew the federal cybersecurity grant program, remains under consideration in the U.S. Senate. Updates related to federal guidance, program timelines, and future funding opportunities will be posted here.

Additional cybersecurity resources

In addition to the State and Local Cybersecurity Grant Program (SLCGP), here are some additional funding and cybersecurity resources.

About the program

The U.S. Department of Homeland Security has provided funding, through the Infrastructure Investment and Jobs Act, to address cybersecurity risks and threats to information systems owned or operated by state, local and territorial governments.

EMD and WaTech leaders, in coordination with a planning committee that has broad-based membership, drafted a statewide strategic cybersecurity plan which was approved by the Cybersecurity and Infrastructure Security Agency (CISA) in July 2023.

Following approval of the plan, the state solicited projects from local jurisdictions, Tribes, and state agencies. After a rigorous review, more than $16.6 million in grant funding has been allocated from the FY22, FY23, and FY24 SLCGP awards to support cybersecurity improvements across Washington.

A new project solicitation round to allocate the remaining SLCGP funding will be announced in the next two months. Please click here to be added to the information distribution list.

While the program continues to be established, this is a great time to assess baseline security measures currently in place. CISA has resources that can help including:

Vulnerability Scanning evaluates external network presence by executing continuous scans of public, static IPs for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts. (Email CISA at vulnerability@cisa.dhs.gov with the subject line "Requesting Cyber Hygiene Services" to get started.)

Questions?

State, local and Tribal governments interested in applying for grants are encouraged to sign up to be added to the information distribution list.

SLCGP Frequently Asked Questions (Updated April 2026)

When will the next application round open?

The application period for the next round of SLCGP funding will open on May 4, 2026, with all applications due by June 12, 2026.

When should I schedule my project to fit in the grant requirements?

The start date for the grant-funded project should be no earlier than Sept. 1, 2025, with an end date of no later than Aug. 29, 2029. Projects will not be given the maximum amount of time unless justified.

How many projects can I submit for funding?

Due to limited funding, entities may submit up to three (3) projects. If submitting more than one project, applicants must prioritize them (1, 2, 3) in order of importance.

What are the criteria being used to score project applications?

Each project must align with one, and only one, of the following objectives:

Objective 1: Governance and cybersecurity planning

Objective 2: Cybersecurity assessments and testing

Objective 3: Implementation of security protections

Objective 4: Cybersecurity training

Projects should also clearly describe:

Alignment with the Washington State Cybersecurity Plan.

The cybersecurity gap being addressed.

Intended outcomes.

Budget and justification.

Our jurisdiction received funding in a previous round/year. Can we still apply for funds?

Yes. Applicants must explain how the proposed project builds upon or complements previously funded work.

How are the projects and applications being prioritized?

The Planning Committee aims to distribute funding statewide. Most awards are typically around $100,000 or less.

Federal requirements include:

Eighty percent of funds must go to local governments.

Twenty-five percent must benefit rural jurisdictions.

What types of projects have been funded in previous years?

In previous years, entities have applied and received funding for various types of cybersecurity-related projects, including:

Cybersecurity plans and policies.

Tabletop exercises.

System testing and vulnerability assessments.

Firewalls and security hardware.

Monitoring and response systems.

Identity management/MFA.

IT staff training and certifications.

Are there any match funding requirements for this grant?

Yes, there are match funding requirements for this grant. The required match has been provided by the state Legislature for FY22-25.

When will grant approvals be announced, and when will the funds be available?

Projects will be scored between June 12 and Aug. 7, 2026.

Projects will be presented to the Planning Committee on Sept. 1, 2026.

Notifications of selected projects are expected between Sept.8–10, 2026.

Grant agreements are anticipated to be executed in December 2026, once federal funding is released.

These timelines may change.

For a grant application involving multiple projects, is it recommended to submit separate spreadsheets for each project or to create additional tabs within a single spreadsheet?

You can create additional tabs within a single spreadsheet for each project. This method is often more efficient as it allows the applicant to fill out common fields, such as the applicant’s information, only once. This approach can save time and reduce the possibility of inconsistencies across multiple documents.

Can I apply for a project over a multiple-year timeframe to take advantage of better vendor pricing?

Yes, you may submit the project for multiple years to capitalize on more favorable vendor pricing. However, if the project extends beyond the period of performance, it is crucial to include in the Budget Narrative section how the costs will be managed after the grant funding ends. This planning is essential to ensure clarity and sustainability for the financial commitments of the project.

How long will it take to receive notice of winning a grant?

The time needed for processing applications depends on the number received. A high volume may require more time to process, score, select for funding and submit to the federal government for approval. The current timeline calls for presenting a project list to the Planning Committee in September.

If our jurisdiction gets a grant, when can I expect the money?

You can expect to receive funds only after your project meet the following criteria:

Approved by the State Planning Committee

Approved by FEMA/CISA

Formalized through executed grant agreements

Funds are provided on a reimbursement basis, meaning costs must be incurred and documented before reimbursement.

Will there be any help available for filling out the application?

Yes. Two application webinars will be offered:

May 14, 2026

June 3, 2026

Technical assistance will also be available throughout the application period (May 4 – June 12, 2026). Make sure you get on the interest list to be notified of the webinars and any additional information.

Who is eligible for a cybersecurity grant?

Eligible applicants include:

State agencies.

Local governments (cities, counties).

Tribal governments.

K–12 school districts.

Public higher-education institutions.

Special-purpose districts (e.g., PUDs).

Projects must align with SLCGP objectives and the State Cybersecurity Plan.

How much money did the state get?

Washington state has received approximately $18.5 million across FY22–FY25. The state Legislature has provided the matching funds for the entirety of the grant (so local jurisdictions don’t need to meet the matching fund requirement).

Is there local government representation on the Planning Committee?

Yes. The Planning Committee includes representatives from:

The Association of Washington Cities.

The Washington State Association of Counties.

Federal requirements also ensure representation from IT, cybersecurity, public health, and education sectors.