August 6, 2025

4 Min Read

With over $100 million on the table in FY25 cybersecurity grants, state, local and tribal governments have until August 15, 2025 to apply to secure critical cyber funding to strengthen their defenses.

On August 1st, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) announced the FY 2025 Notice of Funding Opportunity (NOFO) for the State and Local Cybersecurity Grant Program (SLCGP), releasing over $100 million in federal grants to help state, local, tribal and territorial governments build critical cyber resilience. 

The funding supports two programs:

• SLCGP: $91.7 million for state and local governments
• Tribal Cybersecurity Grant Program (TCGP): $12.1 million for tribal governments

SLTT governments face growing threats -- from ransomware and data breaches to rising attacks on operational technology (OT) systems like water, transportation and emergency services. With limited resources and aging infrastructure, many are vulnerable to disruptions with real world consequences. The grants offer a critical opportunity to strengthen defenses and build lasting cyber resilience. 

Critical dates

• Application deadline: August 15, 2025 at 5:00 p.m. ET via FEMA’s Grants.gov submission portal.
• Awards announced: September 9, 2025
• Cybersecurity plan deadline: All applicants must resubmit their current CISA-approved plan, revised if necessary, by January 30, 2026, and annually thereafter.

FY 2025 grant priorities

As in previous years, your application must address at least one of these program objectives:

• Establish governance: Build or improve cybersecurity governance structures and cybersecurity plans to strengthen incident response and operational continuity.
• Assess cyber posture: Understand your current cybersecurity maturity and identify gaps through continuous testing, evaluation and structured assessments.
• Implement risk-based protections: Apply security measures aligned with your organization’s specific risks.
• Train the workforce: Provide role-based cybersecurity training for all relevant staff. 

These objectives align with CISA’s Cybersecurity Performance Goals (CPGs), ensuring funded activities deliver measurable, sustainable improvements in cyber resilience. 

Eligibility and funding Details

• SLCGP: States apply through their State Administrative Agencies (SAAs), with 80% of funds passed to local governments.
• TCGP: Tribal governments apply directly.

How Tenable helps SLTTs advance SLCGP goals

Tenable’s unified cybersecurity solutions directly align with SLCGP objectives and priorities, helping SLTTs gain visibility, reduce risk and build sustainable cyber resilience across IT and OT environments. 

Meet SLCGP objectives with Tenable One

The Tenable One Exposure Management Platform gives governments a complete, unified view of their cyber risk across IT, cloud , OT, IoT, web applications and identity systems. It supports multiple objectives by helping agencies:

• Understand their cybersecurity posture through continuous asset discovery, vulnerability assessment and risk-based prioritization.
• Implement risk-based protections using contextualized insights and attack path analysis
• Support governance and planning efforts with reporting and metrics that align with CISA’s CPGs. 

Protect critical infrastructure with Tenable OT security

As threats to critical infrastructure like water systems and emergency services increase, it's crucial to secure both IT and OT environments. The FY25 NOFO specifically funds “targeted cybersecurity investments” to help SLTT governments strengthen the security and resilience of their critical infrastructure and services. 

OT systems are increasingly targeted in cyberattacks and SLTTs often lack dedicated resources or tools to monitor these environments. With Tenable OT Security, agencies can:

• Gain deep visibility into OT and IoT assets and their vulnerabilities.
• Detect threats across converged IT/OT environments.
• Automatically identify network anomalies and policy violations, detect anomalous behavior and track signatures for potential high risk events with context-rich alerts.
• Prioritize remediation of high risk vulnerabilities with risk scores based on vulnerability context and potential impact.
• Streamline audit, compliance and reporting.

Learn more: 

• Read the CISA press release: DHS Launches Over $100 Million in Funding to Strengthen Communities’ Cyber Defenses
• Visit CISA’s Cyber Grants Home Page
• Visit the Tenable SLCGP website to review resources on how Tenable can help
• Read our blog: How Exposure Management Can Efficiently and Effectively Improve Cyber Resilience for State and Local Governments
• Read our whitepaper on strengthening state and local government cyber resilience for critical infrastructure