Nationwide Cybersecurity Review (NCSR)

What is the Nationwide Cybersecurity Review?

The Nationwide Cybersecurity Review is a no-cost, anonymous, annual self-assessment designed to measure gaps and capabilities of state, local, tribal and territorial governments’ cybersecurity programs. It is based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), is sponsored by the Department of Homeland Security (DHS) & the Multi-State Information Sharing and Analysis Center® (MS-ISAC®).

The NCSR evaluates cybersecurity maturity across the nation while providing actionable feedback and metrics directly to individual respondents in State, Local, Tribal & Territorial (SLTT) governments.

Using the results of the NCSR, DHS delivers a bi-yearly anonymous summary report to Congress providing a broad picture of the cybersecurity maturity across the SLTT communities. The NCSR is hosted on a secure GRC software platform.

Who Can Participate in the NCSR?

All states (and agencies), local governments (and departments), tribal nations, and territorial governments are encouraged to participate.


  • Receive metrics specific to your organization to identify gaps and develop a benchmark to gauge year-to-year progress, as well as anonymously measure your results against your peers.
  • Attain reporting in order to prioritize the “next steps” towards cybersecurity improvement, based on area of deficiency.
  • Obtain resources and services that can help you fulfill the desired steps towards cybersecurity improvement.
  • For HIPAA compliant agencies, translate your NCSR scores to the HIPAA Security Rule scores of an automatic self-assessment tool.
  • Gain access to a repository of informative references, such as NIST 800-53,COBIT,and the CIS Controls that can assist in managing cybersecurity risk.
  • Fulfill the NCSR assessment requirement for the Homeland Security Grant Program (HSGP). Additional information located here:
  • Nationally, aggregate NCSR data provides a baseline, foundational understanding of SLTT cybersecurity posture to help drive policy, governance and resource allocation.
  • Results enable Federal partners to better understand the status quo and engage in more strategic, cyber-specific planning and preparedness to help manage national risk and improve SLTT core capabilities

Getting Started

ArrowNCSR 2021 FAQs
  • Provides answers to frequently asked questions specific to the NCSR
Arrow NCSR-One-Page-Overview
  • Provides a high-level summary of the NCSR and its benefits.
Arrow NCSR General User Guide
  • Provides end-user guidance on accessing and navigating the NCSR portal, as well as directions on completing the assessment. Information on the automated reports is also included.
Arrow NIST Cybersecurity Framework
  • Provides additional information on the NIST Cybersecurity Framework, courtesy of the National Institute of Standards and Technology.
Arrow NCSR Maturity Scale
  • The NCSR maturity scale is listed in the above link. A maturity level will be selected as an answer for the NIST CSF activities in the NCSR assessment.
Arrow NCSR Assessment Demo
  • View a demo of taking the NCSR. Learn how to register, login, and complete the assessment.

New Participants

If you are a new participant, please complete the form on this page. One of our NCSR team members will review your information and be in touch with next steps.

Returning Participant

If you participated in a previous NCSR survey, simply visit the NCSR Portal and proactively reset your password. Use the General User Guide listed above to login to the platform and access your information. Use the General User Guide listed above to login to the platform and access your information.

NCSR Resources

Contact Us

For any questions, please contact us via e-mail at or by phone (518) 266-3466.



The NCSR is open annually from October 1 to February 28.

NCSR Registration Form


Note: If you are with a department or office within a local jurisdiction (Example: City Department of Public Safety), and your\ information technology is managed by a core/centralized entity within your jurisdiction, then that entity can register and complete the NCSR to cover your office. Please consult with your jurisdiction’s appropriate information technology contacts.