Nationwide Cybersecurity Review Offers Crucial Insights into Public Sector Security Strengths and Weaknesses

Assessment sees record-high participation and shows improvement year over year

EAST GREENBUSH, N.Y., January 30, 2024  — The Center for Internet Security, Inc. (CIS®) and Multi-State Information Sharing & Analysis Center® (MS-ISAC®) have unveiled the results of the annual Nationwide Cybersecurity Review (NCSR). This report offers valuable insights into the cybersecurity maturity of U.S. State, Local, Tribal, and Territorial (SLTT) organizations.

About the NCSR:

  1. Assessment Availability: The NCSR is a no-cost cybersecurity program assessment, open to all U.S. public sector organizations at the SLTT level.
  2. Data: The current NCSR Summary Report features anonymized, aggregate data findings from assessments conducted between October 2022 and February 2023. It provides a comprehensive view of the cybersecurity strengths and weaknesses of the SLTT community.
  3. Recommendations for Improvement: The report offers actionable recommendations to drive improvements in cybersecurity practices.

Who it Benefits:

  • IT directors and cybersecurity employees within U.S. State, Local, Tribal, and Territorial organizations, including election offices, K-12 schools, public universities, cities, counties, and other local offices/departments

Key Findings:

  1. Data: More than 3,600 SLTT organizations participated.
  2. Strengths: Areas where participants performed well include identity management, awareness and training, and planning for mitigation and recovery should an incident occur.
  3. Weaknesses: Areas in need of improvement include a lack of formal development plans for vulnerability management.
  4. Key challenges: Participants list a lack of sufficient funding, increasing sophistication of threats, a lack of documented processes, emerging technologies, and inadequate availability of cybersecurity professionals among the biggest hurdles they face.

Additional Resources:

  • The full report can be found here.
  • A blog post on the CIS website provides further details into the report's main findings.
  • Registration for the current NCSR assessment is available until February 29, 2024.

If you’d like to speak to one of CIS’s cybersecurity professionals about the findings of the NCSR, and why public sector organizations should participate in 2024, please contact Kelly Wyland, Media Relations Manager at CIS, at [email protected] or call/text 518-268-6978.

About CIS

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. election offices. To learn more, visit CIS or follow us on X: @CISecurity.