How the Foundational Assessment Makes Starting or Improving a Cybersecurity Program Easier
As cybersecurity maturity becomes a larger goal for the U.S. State, Local, Tribal, and Territorial (SLTT) landscape, many are using assessment solutions to identify which cybersecurity activities they should start with at a high level. Many have turned to the Nationwide Cybersecurity Review (NCSR). It's a no-cost, annual, and anonymous self-assessment that helps SLTT government organizations like you measure capabilities and assess gaps in your cybersecurity program.
Depending on your cybersecurity maturity, you might find the 100+ question set of the NCSR to be overwhelming at first. That's why the Center for Internet Security (CIS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) created the Foundational Assessment.
A Starting Place for Cybersecurity Assessments
The Foundational Assessment is a shorter assessment option introduced by the MS-ISAC and designed for organizations just getting started on their cyber maturity journey. It contains 32 foundational cybersecurity questions that align to the NIST CSF and the CIS Critical Security Controls (CIS Controls). These questions come with three answer options: “Not Implemented,” “Partially Implemented,” and “Fully Implemented.” As such, the Foundational Assessment is designed to guide you through the first 12-24 months of developing your cybersecurity program as an on ramp to, but not a replacement of, engaging in follow-on assessment frameworks like the NCSR.
"Our organization has a security roadmap planned out, but the Foundational Assessment was helpful in prioritizing activities."K-12 School District
"Cybersecurity was not a focus previously, but with new leadership, aligning to both the CIS Controls and NIST Cybersecurity Framework is a goal. We are starting a cybersecurity program from scratch, so the Foundational Assessment was helpful to get started."City Government
Foundational Assessment User Guide
Provides end-user guidance on accessing and navigating the assessment platform, as well as directions on completing the assessment. Information on the automated reporting is also included.
Download GuideTake Your Cybersecurity Program to the Next Level
Participant feedback on the Foundational Assessment has been overwhelmingly positive. It fits the needs of SLTTs that are just beginning or are refamiliarizing themselves with their cybersecurity program. The personalized walkthrough of an organization’s initial findings within the Foundational Assessment in particular has helped ease the burden of starting the more comprehensive NCSR assessment.
Ready to see how the Foundational Assessment can shape the trajectory of your cybersecurity program?
As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.