Advancing Whole-of-State Security: Core Elements and Maturity Scale

U.S. State, Local, Tribal, and Territorial (SLTT) governments face increasingly interconnected cyber risks that no single organization or jurisdiction can address alone. As cyber incidents cross geographic and organizational boundaries, states are challenged to provide leadership, coordination, and support while respecting local autonomy and capacity.

This resource presents a community‑informed framework facilitated by the Center for Internet Security^® (CIS^®) and the Multi-State Information Sharing and Analysis Center^® (MS-ISAC^®) that outlines the core elements commonly found in effective whole‑of‑state (WOS) security programs. It also introduces a practical maturity scale that reflects how these capabilities typically develop over time.

Rather than prescribing a single model, the framework is designed to support self‑assessment, executive dialogue, and informed decision‑making. It recognizes that states differ in governance structures, resources, and risk environments — and that progress often occurs incrementally.