How the Foundational Assessment Makes Starting or Improving a Cybersecurity Program Easier

As cybersecurity maturity becomes a larger goal for the U.S. State, Local, Tribal, and Territorial (SLTT) landscape, many are using assessment solutions to identify which cybersecurity activities they should start with at a high level. Many have turned to the Nationwide Cybersecurity Review (NCSR). It's a no-cost, annual, and anonymous self-assessment that helps SLTT government organizations like you measure capabilities and assess gaps in your cybersecurity program.

Depending on your cybersecurity maturity, you might find the 100+ question set of the NCSR to be overwhelming at first. That's why the Center for Internet Security (CIS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) created the Foundational Assessment.

A Starting Place for Cybersecurity Assessments

The Foundational Assessment is a shorter assessment option introduced by the MS-ISAC and designed for organizations just getting started on their cyber maturity journey. It contains 32 foundational cybersecurity questions that align to the NIST CSF and the CIS Critical Security Controls (CIS Controls). These questions come with three answer options: “Not Implemented,” “Partially Implemented,” and “Fully Implemented.” As such, the Foundational Assessment is designed to guide you through the first 12-24 months of developing your cybersecurity program as an on ramp to, but not a replacement of, engaging in follow-on assessment frameworks like the NCSR.

K-12--Quote Security roadmap inline blog graphic 

The Foundational Assessment officially became available in September 2022 in alignment with the State and Local Cybersecurity Grant Program (SLCGP) webinar announcement. While the NCSR remains a post-award requirement of this Program, the Foundational Assessment can help if you have not yet used an assessment to take a holistic view of your cybersecurity program.

If you complete the Foundational Assessment, you can also opt to participate in a Maturity Review. Launched in June 2022, Maturity Reviews offer MS-ISAC member organizations with a personalized 30-minute session to join with a CIS expert and review assessment results, discuss reporting findings to key stakeholders, and explore how to prioritize improvements within your cybersecurity program.

City-Govt--Quote--Cybersecurity-was-not inline blog quote 

Take Your Cybersecurity Program to the Next Level

Participant feedback on the Foundational Assessment has been overwhelmingly positive. It fits the needs of SLTTs that are just beginning or are refamiliarizing themselves with their cybersecurity program. The personalized walkthrough of an organization’s initial findings within the Foundational Assessment in particular has helped ease the burden of starting the more comprehensive NCSR assessment.

Ready to see how the Foundational Assessment can shape the trajectory of your cybersecurity program?