Cal OES offers up to $250,000 to help California’s state, local, and tribal agencies strengthen their digital infrastructure against evolving cyber threats. Organizations must submit their applications by March 13, 2026. 

Key takeaways

1. Significant competitive funding: Cal OES is distributing $9.7 million for local and tribal governments and $1.8 million for state agencies, with individual awards capped at $250,000.
2. Direct Tenable alignment: Tenable solutions fulfill grant requirements to meet the program’s objectives and statewide priorities by providing continuous asset identification, risk-based vulnerability prioritization, and real-time security gap analysis.
3. Focus on national priorities: Grant applications receive high priority when addressing critical security gaps considered national priorities, such as lack of multi-factor authentication (MFA), use of end-of-life (EOL) software, and inadequate encryption—all of which Tenable identifies and surfaces.
4. Strict deadline and submission rules: Applications are due by 11:59 PM PDT on March 13, 2026, and must be submitted as PDF email attachments; Cal OES will not accept links to files in cloud storage services like Google Drive or Dropbox.

Grant overview

The California Governor’s Office of Emergency Services (Cal OES) is now accepting applications for its Federal Fiscal Year (FFY) 2024 State and Local Cybersecurity Grant Program (SLCGP). The grant program is intended to help local and tribal governments, as well as state agencies address threats to information systems. It also aims to improve the security of critical infrastructure organizations and the resilience of the services these entities provide to their communities.

Tenable solutions directly align with the grant’s objectives to “understand your current cybersecurity posture and areas for improvement based on continuous testing, evaluation, and structured assessments” and “ implement security protections commensurate with risk.”

Organizations can apply for up to $250,000 through two competitive programs:

• Local and tribal governments: $9.7 million available for local agencies and federally recognized tribes.
• State agencies: $1.8 million available for California state agencies.

Key program details

• Application deadline: Friday, March 13, 2026, at 11:59 PM PDT.
• Performance period: 26 months, July 1, 2026 – August 31, 2028.
• Cost match: Grant recipients must have a 30% cost match (cash or third-party in-kind). For example, for a $250,000 award, the match is $107,143, totaling a $357,143 project cost.
• Eligibility restrictions: Previous recipients of FY 2022 or 2023 SLCGP funding are not eligible for this cycle.

Meeting SLCGP objectives

Proposed projects must align with one of the four primary SLCGP objectives: 1) Governance and Planning; 2) Assessment and Evaluation; 3) Mitigation; and 4) Workforce Development. Tenable solutions are uniquely positioned to support objectives 1, 2, and 3 as described below:

Meeting SLCGP statewide priorities

Applicants are also strongly encouraged to incorporate statewide priorities in their project descriptions which align with Tenable solutions, including:

• Enhance the preparation, response, and resiliency of information systems, applications, and user accounts.
• Implement a process of continuous cybersecurity risk factors and threat mitigation practices prioritized by degree of risk.
• Assess and mitigate risks and threats impacting local jurisdictions’ critical infrastructure and key resources.

Application requirements

To be considered, applicants must submit:

1. Notice of Interest (NOI): Applicants must respond to each question in the NOI form. The applicant’s response to each question will be evaluated as part of the rating process. Applicants should develop a thorough project proposal that takes into consideration planning and implementation of the entire process for the proposed project – from conception to completion of all activities using the requested funding.
2. Project Worksheet: Applicants will complete the Project Worksheet to demonstrate their project alignment to SLCGP objectives, their implementation plan, and to identify key project milestones. The Project Worksheet is an Excel spreadsheet that includes two tabs to be completed by the applicant: the Baseline Project Information tab and the Project Implementation tab. Each will be evaluated as part of the rating process.
3. Cybersecurity Maturity Survey: In addition to the NOI form and Project Worksheet, applicants must complete the Cybersecurity Maturity Survey. This is an online survey that will not be scored, but that is required and will be a helpful tool to assist in identifying gaps to address through SLCGP. Upon completion of the survey, applicants must download a copy of their survey responses and attach them as a PDF file to submit with their proposal; proposals submitted without completing the survey may not be considered for funding.
4. System for Award Management (SAM) registration: Applications must have a Unique Entity Identifier (Unique Entity ID) registered in the federal System for Award Management (SAM). Applicants who do not currently have a Unique Entity ID will need to register at SAM.gov to obtain one.

Pro Tip: All proposals must be emailed to [email protected]. Cal OES cannot access cloud-based storage like Google Drive.

Ready to apply?

You can find the full Request for Proposal (RFP) and necessary forms (Notice of Interest, Project Worksheet, and Cybersecurity Maturity Survey) at the links below:

For more information on how Tenable can support your CA SLCGP application, contact us at [email protected] or submit a contact request here.