The Nationwide Cybersecurity Review (NCSR) is a free, anonymous, self assessment available to State, Local, Tribal, and Territorial governments to help measure gaps and capabilities in cybersecurity programs using the NIST CSF. Sponsored by the Department of Homeland Security and the Multi-State Information Sharing and Analysis Center, the NCSR evaluates governments based on five core functions, 23 categories, and 108 sub categories. Completing the NCSR helps the organization identify actionable steps to improve cybersecurity maturity and to cross-reference with best practices, standards, and requirements
The NCSR is open on an annual basis from October 1st to February 28th.
For more information, see: https://www.cisecurity.org/ms-isac/services/ncsr
The MS-ISAC is a membership-based collaboration between the Cybersecurity and Infrastructure Security Agency and the Center for Internet Security that provides SLTT entities with a number of services and informational products. CISA and CIS provide a no-cost services and a security operations center to monitor and analyze threats targeting members.For more information on the MS-ISAC and how to sign up, see
CISA Cyber Hygiene
CISA provides free cyber hygiene services that are available to SLTT governments to help organizations assess, identify, and reduce their exposure to threats. Among these services are vulnerability scanning, web application scanning, phishing campaign assessments, and remote penetration tests.
To sign up, email
For more information, see:
CISA K-12 Report
To help schools address cybersecurity risks, CISA created a report with recommendations and guidelines to be used in conjunction with the corresponding toolkit to help K-12 schools reduce cybersecurity risks. The toolkit provides resources and guidance that align with each of the recommendations in CISA’s report. Along with each recommendation, there are actions and resources that help build, operate, and maintain cybersecurity for each K-12 entity. The toolkit also provides free cybersecurity training relevant to K-12 organizations.
For more information, see:
Cross-Sector Cybersecurity Performance Goals
The CPGs are voluntary practices that businesses and critical infrastructure owners can take to protect themselves against cyber threats. The Cross-Sector Cybersecurity Performance Goals (CPGs)provide a approachable common set of IT and OT cybersecurity protections that are clearly defined, straightforward to implement, and aimed at addressing some of the most common and impactful cyber risks. The CPGs are written and designed to be easy to
understand and relatively easy to communicate with non-technical audiences, including senior business leadership.https://www.cisa.gov/cross-sector-cybersecurity-performance-goals