State, local, tribal, and territorial (SLTT) governments continue to face escalating cybersecurity threats while managing limited internal resources and tightening budgets.
In response, the Cybersecurity and Infrastructure Security Agency (CISA) has announced a transition to a new operating model designed to provide more direct support, funding access, and hands-on cybersecurity expertise to public sector organizations.
According to a September 29, 2025 announcement on CISA.gov, the agency is shifting its approach to strengthen accountability, maximize impact, and empower SLTT governments to build cyber resilience at the local level.
CISA’s cooperative agreement with the Center for Internet Security (CIS) concluded on September 30, 2025, marking a transition in how federal cybersecurity resources are delivered to state and local entities.
Rather than reducing engagement, the shift aims to streamline support and provide more direct access to tools, funding, and advisory services.
The updated model focuses on expanding shared responsibility nationwide while equipping communities of all sizes with practical resources to defend against modern threats.
CISA is working in coordination with FEMA to facilitate funding through:
These grant programs are administered by the Department of Homeland Security (DHS) and are intended to strengthen cybersecurity planning, modernization, and resilience initiatives across public sector organizations.
CISA continues offering complimentary services that help public entities identify and reduce risk, including:
These services provide foundational visibility into security posture and help agencies prioritize remediation efforts.
CISA provides structured guidance to help organizations measure and improve cybersecurity maturity, including:
These resources help agencies benchmark progress and align efforts with nationally recognized standards.
CISA’s regional advisors deliver hands-on support, both locally and virtually. These professionals provide:
This localized model helps bridge the gap between federal expertise and community-level implementation.
CISA will continue collaborating with the Multi-State Information Sharing and Analysis Center (MS-ISAC) on joint cybersecurity products and information sharing. SLTT organizations using Albert sensors should continue coordinating directly with CIS/MS-ISAC for those services.
CISA also facilitates bi-monthly SLTT Security Operations Center (SOC) calls to deliver timely cyber defense updates and emerging threat intelligence.
Cyberattacks targeting municipalities, school districts, law enforcement agencies, and public utilities continue to increase in frequency and sophistication. Many public sector IT teams operate lean environments, making federal collaboration and structured guidance essential.
CISA’s updated model reinforces its role as the nation’s cyber defense agency, emphasizing:
By providing direct pathways to grants, tools, advisors, and performance frameworks, CISA aims to ensure that every community—regardless of size—has access to resources needed to improve resilience.
While CISA’s support is expanding, it remains essential for SLTT organizations to:
Proactive engagement with available federal resources can help agencies reduce risk exposure and strengthen preparedness.
As CISA continues implementing this new support model, state and local governments have an opportunity to leverage expanded funding access and structured cybersecurity guidance.
With growing threat activity targeting public infrastructure, coordinated defense efforts at the federal and local levels remain critical.
For more information on CISA’s Cybersecurity Services for SLTT partners, visit CISA.gov.