What is the program?
The Executive Office of Technology Services and Security's (EOTSS) Office of Municipal and School Technology procures and manages the Municipal Cybersecurity Awareness Grant Program (MCAGP) – making the program free to participating organizations. Our program improves overall cybersecurity posture through end-user training and simulated phishing campaigns.
Information about the program learning paths:
We’ve built on the success of our newly designed 2024 program to better serve participating organizations for 2025. Each awareness learning path delivers training and monthly simulated phishing campaigns.
There are four Learning Paths. Local government agencies must choose one or more; please be thoughtful about the most effective path(s) for your organization. The Education Path is only open to public schools wishing to enroll users to earn Professional Development Points (PDPs), though public schools may choose any of the other paths if they do not wish to earn PDPs.
- Traditional: This learning path includes multiple short modules, no longer than 6 minutes each.
- Advanced: This learning path also includes multiple modules but is intended for a subset of your users that have a solid foundation of cybersecurity awareness. The local coordinator may enroll user(s) in this path enabling them to test out of modules.
- Comprehensive: This learning path offers longer, more in-depth modules intended for newer employees or those who may require additional training to gain a foundational understanding of cybersecurity awareness. The local coordinator may enroll user(s) in this path at their discretion.
- Education: This learning path was designed with the public school sector in mind. This path includes training in a variety of formats (modules, games, videos, assessments, and independent reading) for a total of 10 hours and users will earn 10 Professional Development Points (PDPs).
A free Home Course will be made available to each 2025 MCAGP participating organization, which they may share with friends and family. Cybersecurity affects everyone -- the Home Course is a module that covers a variety of cybersecurity topics, offering cybersecurity training outside of the workplace.
Why use the program?
According to recent reports (IBM's Cost of a Data Breach Report 2024), "phishing and stolen or compromised credentials are the 2 most prevalent attack vectors. Both also ranked among the top 4 costliest incident types."
Cybersecurity awareness training will help ensure your employees know the latest techniques cyber criminals are using, how to identify phishing emails, and their role in keeping your organization safe from cyber attacks. Cybersecurity is everyone's responsibility.
We encourage you to watch a short video to hear why our cybersecurity training is important.
Who is eligible?
The 2025 MCAGP is open to local government agencies in the Commonwealth of Massachusetts:
- Cities/Towns
- Public school districts
- Municipal libraries
- Police departments and fire departments
- Planning commissions
- Municipally-run utility departments, airports, and housing authorities
- Massachusetts Public Pension Systems (PERAC)
Employees in municipal functions that have a government network-specific domain are eligible to participate.
OMST will award grants to municipal/local government agencies that demonstrate commitment from leadership for full engagement from their organization. Each awarded grant recipient must designate a local coordinator who will be responsible for administering this program. The local coordinator will have an obligation to spend approximately two hours per week to successfully improve cybersecurity awareness for every enrolled user.
Where can I learn more?
Informational sessions will be held to provide more details on the MCAGP and to answer any questions. Please find details and links to register below.
Should you have any further questions about the program, please click below to check out our Frequently Asked Questions (FAQ) or you can email us at CyberAwarenessGrant@mass.gov.
How to apply
Organizations are encouraged to apply through a competitive application process which opens during October, Massachusetts Cybersecurity Awareness Month. Program costs are covered by EOTSS. OMST partners with organizations that are awarded the MCAGP by monitoring each organizations program, conducting regular communication with the designated Local Coordinator(s), and holding Office Hours
Applications will be reviewed on a rolling basis until all licenses have been awarded.
Next steps
Local government agencies are accepted into the grant program on a rolling basis after the application period opens. Applications will be reviewed on a rolling basis until all licenses have been awarded.
Review Process
The staff at the Executive Office of Technology Services and Security will review applications based on factors such as:
- A commitment to communicate and partner with EOTSS to better understand the importance of cybersecurity at the local level
- A willingness to assign and support the Local Coordinator in their oversight of the program
- An assurance that an email is assigned from your organizational domain for each user