DHS Releases Over $100M in Cybersecurity Grants—Here’s What It Means for Public Sector Identity Protection

By Tim Ortiz

On August 1, 2025, the U.S. Department of Homeland Security (DHS), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and FEMA, announced more than $100 million in new funding to support cybersecurity improvements across state, local, and tribal governments.

This announcement is part of the ongoing State and Local Cybersecurity Grant Program (SLCGP) and Tribal Cybersecurity Grant Program (TCGP)—key funding vehicles established under the Bipartisan Infrastructure Law to help government entities strengthen their security posture.

What's in the Grant Funding?

  • $91.7 million has been allocated to state and local governments through the SLCGP. These funds are intended to support cybersecurity planning, hire skilled personnel, and implement advanced cyber protection services.
  • $12.1 million has been dedicated to tribal governments through the TCGP, enabling investments in risk assessments, training, and modern defense tools.

As CISA Acting Director Madhu Gottumukkala stated, these grants give local communities the critical resources needed to build resilient cyber ecosystems, reduce risk, and improve outcomes—all while ensuring responsible use of taxpayer dollars.

But the application deadline is fast approaching on August 15, 2025.

Why Active Directory, Microsoft 365, and Entra ID Must Be Protected

Despite new security tools and cloud adoption, identity remains the primary attack vector for most modern cyber threats. In fact, over 80% of ransomware and data breach incidents involve compromised credentials or privilege escalation within identity systems.

Government organizations operating on limited budgets and legacy infrastructure are uniquely vulnerable. Their hybrid IT environments often span:

  • On-premises Active Directory (AD)
  • Microsoft Entra ID (formerly Azure AD)
  • Microsoft 365

When attackers gain a foothold in AD or Entra ID, they can silently escalate privileges, move laterally, and take over entire environment, often without triggering alarms. The result? Disrupted services, locked-out users, compliance violations, and costly recovery efforts.

How Cayosoft Supports Grant-Funded Cybersecurity Initiatives

At Cayosoft, we specialize in securing the very identity systems that public sector agencies rely on. Our mission is to help organizations protect, govern, and recover their hybrid identity environments across AD, Entra ID, and Microsoft 365.

Here’s how Cayosoft aligns directly with the goals of the SLCGP and TCGP:

  1. Governance & Planning Cayosoft’s solutions help agencies formalize identity governance policies, enforce least privilege, and establish consistent role-based access controls—laying the foundation for resilient, auditable operations.
  2. Assessment & Mitigation With real-time insight into configurations, privileged access, and misconfigurations, our platform helps public agencies detect and reduce identity sprawl, eliminate standing privileges, and close risky gaps across hybrid systems.
  3. Workforce Enablement By automating account provisioning, deprovisioning, and access reviews, Cayosoft empowers IT teams to reduce human error, speed onboarding, and focus on higher-impact security initiatives.

 

We’re proud to support customers across the public sector, including federal agencies like the IRS, and state and local governments committed to improving their cybersecurity posture.

Take Action Before the August 15 Deadline

This is a timely opportunity to secure federal funding to modernize your identity infrastructure. Whether you are mid-implementation, planning improvements, or preparing your grant submission, Cayosoft can help you:

  • Assess your current identity and access management landscape.
  • Identify risks and map to CISA’s strategic cybersecurity objectives.
  • Implement measurable, sustainable improvements using grant funding.

Ready to Strengthen Your Identity Security?

Cayosoft is here to support your journey to a more secure and resilient identity ecosystem. Contact us today to explore how we can assist with your cybersecurity grant planning or implementation strategy.

Let’s build a more resilient public sector that starts with identity. Contact us today!

See how Guardian can strengthen your identity security? Schedule a demo to explore how these capabilities work within your specific Microsoft environment.

FAQs

ITDR stands for Identity Threat Detection and Response, a specialized security approach that monitors and protects identity systems like Active Directory and Azure AD from credential-based attacks. These solutions focus specifically on detecting threats that target user identities, authentication systems, and access privileges rather than traditional network perimeters.

Unlike antivirus tools and firewalls that protect network boundaries and endpoints, ITDR solutions monitor identity-specific activities like authentication patterns, privilege escalations, and permission changes. A targeted approach catches sophisticated attacks that use legitimate credentials to bypass traditional security controls, which often miss identity-based threats entirely.

ITDR technology detects privilege escalation attempts, lateral movement through Active Directory, unauthorized account modifications, suspicious authentication patterns, and Kerberos-based attacks. It also identifies when attackers create backdoor accounts, modify security groups, or abuse federation trusts between on-premises and cloud environments.

Small businesses using Microsoft Active Directory or Azure AD can benefit from ITDR solutions, especially those in regulated industries or handling sensitive customer data. However, the complexity and cost of implementation may require smaller organizations to prioritize basic identity security hygiene before investing in advanced ITDR capabilities.

Modern ITDR platforms like Cayosoft Guardian enable recovery within minutes by providing granular rollback capabilities at the attribute level rather than requiring full system restoration. This rapid recovery approach minimizes downtime and prevents attackers from maintaining persistence in compromised identity environments.

Check out these relevant resources.