State and Local Cybersecurity Grant Program

The State and Local Cybersecurity Grant Program is a federally authorized initiative established under the Infrastructure Investment and Jobs Act, also known as the Bipartisan Infrastructure Law, enacted in November 2021. The program is designed to address growing cybersecurity risks and threats to information systems operated by state, local, and tribal governments. Administered at the federal level with implementation at the state level, the program allocates funding to strengthen cybersecurity infrastructure, improve resilience, and support coordinated planning efforts. In Texas, the Office of the Governor serves as the State Administrative Agency responsible for managing the grant process, while the Department of Information Resources provides subject matter expertise and oversees programmatic compliance. The purpose of the program is to support the development and implementation of comprehensive cybersecurity strategies aligned with federal priorities. These priorities include governance and planning, assessment and evaluation, mitigation of cybersecurity risks, and workforce development. Projects funded through this program must align with the State Cybersecurity Plan, which outlines strategic goals, identifies key risks, and establishes measurable objectives for improving cybersecurity posture across jurisdictions. The program emphasizes collaboration among state agencies, local governments, and designated planning committees to ensure that investments are coordinated and impactful. Funding under this program is distributed to states, which are required to pass through a significant portion of funds to local governments. In Texas, at least 80 percent of the allocation must be distributed to local entities, with a minimum of 25 percent directed toward rural communities. The total allocation to Texas is approximately forty million dollars over a four-year period. Subrecipients are responsible for providing matching funds, with the required match increasing over time and set at 30 percent for the current funding year. Eligible expenditures are limited to one-time cybersecurity improvements, including implementation of multi-factor authentication, enhanced logging, data encryption, system backup capabilities, and replacement of unsupported technologies. Eligibility for funding is limited to local governments as defined by Texas law, including counties, municipalities, school districts, charter schools, junior college districts, water districts, tribal governments, and other political subdivisions. Applicants must comply with state cybersecurity training requirements and participate in designated federal services such as vulnerability scanning and web application assessments provided by the Cybersecurity and Infrastructure Security Agency. Additional participation in statewide information-sharing initiatives is also required. Entities that fail to meet compliance requirements may be deemed ineligible for funding until corrective actions are completed. The application process is conducted through the Office of the Governor’s eGrants system. Applicants must submit project proposals that align with the State Cybersecurity Plan and demonstrate readiness to implement approved activities. The Cybersecurity Planning Committee plays a key role in reviewing and prioritizing proposed projects based on statewide needs and strategic alignment. Applications are evaluated based on their ability to reduce cybersecurity risks, enhance resilience, and support long-term improvements in security practices. For the current cycle, the Request for Applications opened on December 15, 2025, and closed on February 12, 2026. Funding decisions are contingent upon approval by federal authorities, after which awards are typically released within forty-five days. Project activities may not begin until formal approval is received and grant agreements are executed. The program operates on a recurring annual cycle tied to federal appropriations, with future funding rounds anticipated based on continued authorization and appropriations. Applicants are encouraged to monitor official communications for updates and guidance related to future application opportunities.

Ensure projects align with statewide cybersecurity priorities and adopt best practices such as MFA encryption and system resilience improvements