Cybersecurity Grants for State Authorities and Enterprises

The competition is organized by CRDF Global with funding from the U.S. Department of State. The program aims to improve cybersecurity and cyber resilience of governmental authorities and critical infrastructure SOEs in Ukraine. Support is provided for modern technologies, services, equipment, software, and other solutions that strengthen information and infrastructure protection against cyber threats. The main objectives are to enhance cyber resilience, modernize information and cyber infrastructure, and improve preparedness for current cyber threats.

The grant programme is open to governmental authorities of Ukraine and state-owned enterprises operating critical infrastructure that may be vulnerable to cyber threats or other cyber incidents.

Key eligibility requirements include:

• All proposed vendors, equipment, software and services must comply with applicable U.S. export control laws, sanctions regulations and related requirements.
• Applicants must clearly define the problem and justify the need for the requested equipment, services or software.
• A detailed breakdown of the required resources must be provided.
• Applicants must submit at least one commercial offer from a potential vendor capable of supplying the proposed goods or services.
• A list of additional potential vendors, including at least three names and relevant contact information, must also be provided.
• A complete application package must be submitted in English only.

Applications that do not meet the stated eligibility requirements may be declined without further review or evaluation.

The grant programme supports projects aimed at strengthening cybersecurity and improving information system resilience within Ukrainian government institutions and critical infrastructure entities.

Eligible project areas include:

• cybersecurity enhancement and improvement of cybersecurity capabilities;
• data protection and threat analysis;
• cybersecurity posture assessments and security audits;
• strengthening professional qualifications and cybersecurity capacity of personnel.

Supported project activities may include:

• procurement of necessary equipment, software and services;
• optimization and improvement of cybersecurity processes and systems;
• cybersecurity assessments and audits of protection systems;
• professional training and capacity-building activities in cybersecurity.

Project proposals should include a clear problem statement, proposed solution, expected outcomes, a monitoring and evaluation framework with defined performance indicators, and a justification of the requested resources and costs.

Key milestones include:

• Competition opening: 19 June 2026.
• Application submission deadline: 10 July 2026.

Applicants are encouraged to prepare and submit all required materials before the stated deadline. Applications submitted after the closing date will not be considered within the current competition round.

Applications must be submitted electronically no later than 10 July 2026 via email: nonpro-grants@crdfglobal.org.

The application process includes the following steps:

1. Prepare the required application package in English.
2. Complete the CRDF Global proposal application package, including:
   • Institutional Data Form (IDF);
   • Project Overview;
   • Scope of Work (SOW);
   • Workplan (WP);
   • Budget;
   • Budget Narrative.
3. Attach the CV of the Principal Investigator or project coordinator.
4. Include at least one commercial offer from a potential vendor.
5. Prepare a list of additional potential vendors.
6. Submit the complete application package by email to the address specified in the programme guidelines.
7. Use the required email subject format, including the RFP number and applicant organization name.
8. Applicants will receive a confirmation message from CRDF Global after successful submission.

Applicants with questions regarding the submission process may contact the CRDF Global team using the contact details provided in the programme documentation.

Applications are assessed using a 100-point scoring system. The evaluation focuses on project relevance, demonstrated need, value for money, strategic alignment and long-term sustainability.

Key evaluation criteria include:

• Project Relevance and Potential Impact — 35 points. Reviewers assess how the project strengthens cybersecurity, improves information resilience, and delivers organizational and infrastructure benefits supported by measurable outcomes.
• Need for Equipment, Software and/or Services — 25 points. Assessment considers the justification for the requested support, its integration into existing IT/OT environments, and its relevance to the institution’s operational needs.
• Clarity, Feasibility and Sufficient Detail of Proposed Activities — 10 points. Evaluators review the clarity of objectives, implementation plan, milestones, technical requirements, and defined responsibilities.
• Cost Effectiveness — 10 points. The budget is assessed for reasonableness, market alignment, adequate justification, and consideration of long-term ownership costs such as maintenance and training.
• Alignment with U.S. Strategic Cybersecurity Priorities — 15 points. This criterion includes:
  • standards and framework alignment — 5 points;
  • technology origin and use of U.S. or allied-partner solutions — 5 points;
  • strategic cooperation and contribution to cybersecurity resilience — 5 points.
• Sustainability and Institutional Capacity — 5 points. Reviewers assess the institution’s ability to maintain and operate the acquired cybersecurity capabilities after the grant period, including trained personnel, maintenance planning and long-term commitment.

Maximum total score: 100 points.

Decisions regarding funding and the awarding of grants are contingent upon the availability of funding from the program’s donors. CRDF Global reserves the right to cancel, suspend, or modify the call for proposals at any stage.

Grant recipients are required to complete reporting obligations following the implementation of the supported activities.

Key requirements include:

• A Final Program Report must be submitted within one month of receiving the grant assistance.
• The grant close-out process includes reporting responsibilities on the grantee’s side.
• Submission of the final report is a mandatory requirement for completing the grant and documenting the results of the supported activities.

The reporting process is used to verify project implementation outcomes and formally close the grant in accordance with programme requirements.

Applicants are required to review the CRDF Global General Terms and Conditions, which are incorporated into the application form and published together with the competition documentation. Submission of an application implies compliance with all applicable programme requirements.

Key provisions include:

• Each applicant may submit only one application under this Competition.
• Selected applicants will be notified directly by CRDF Global via email after the announcement of results.
• Each selected grantee must submit a Final Program Report within one month of receiving grant assistance.
• Grantees must provide a signed acceptance certificate confirming receipt of the delivered equipment.

Compliance with these conditions is required for all participants and successful grantees throughout the implementation of the programme.