Nationwide Cyber Security Review

What Is the Nationwide Cyber Security Review?

The Nationwide Cyber Security Review (NCSR) is a free, anonymous, annual self-assessment survey that is based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and is sponsored by the Department of Homeland Security (DHS) and the MS-ISAC.

The NCSR evaluates cybersecurity maturity across the nation while providing actionable feedback and metrics directly to individual respondents in State, Local, Tribal & Territorial (SLTT) governments.

Using the results of the NCSR, DHS delivers a bi-yearly anonymous summary report to Congress providing a broad picture of the cybersecurity maturity across the SLTT communities.

Arrow  Check out the 2016 NCSR Summary Report
Arrow  Download the 2017 NCSR General User Guide

Who Can Participate in the NCSR?

All states (and agencies), local governments (and departments), tribal nations, and territorial governments are encouraged to participate.

Why Participate?

  • Acquire metrics to assist in cybersecurity investment justifications
  • Anonymously measures your results against your peers
  • Receive recommendations to improve your cybersecurity posture via NIST, COBIT, ISO and CIS Controls
  • For HIPAA compliant agencies, translates your NCSR scores to the HIPAA Security Rule scores for an automatic self-assessment tool
  • Measure your progress against the NIST framework
  • Develop a benchmark to gauge your own year-to-year progress
  • Serves as a communication tool for users to express their needs to key stakeholders
  • Contribute to the Nation’s cyber risk assessment process
  • Aligned with the Presidential Executive Order on Strengthening Cybersecurity (NIST CSF)

How Does It Work?

  • Question set is based on the NIST Cybersecurity Framework
  • Covers the core components of cybersecurity and privacy programs
  • Designed to measure entities' progress against the NIST CSF
  • Hosted on a secure portal
  • Based on key milestone activities for information risk management
  • Closely aligned with security governance processes and maturity indexes embodied in accepted standards and best practices
  • Designed to be completed in about an hour
  • Provides specific sections of standards, guidelines, and practices

Getting Started

New Participants

If you are a new participant, please complete the form on the right. One of our NCSR team members will review your information and be in touch with next steps. For questions or assistance, contact us at or 518-880-0736.

Returning Participant

If you participated in a previous NCSR survey, simply visit the NCSR portal and enter last year's credentials. (Please note that the instance number is 20244.)

For all other questions, such as resetting your password, adding additional users to your account and/or registering sub-entities, please contact us via e-mail at or by phone (518) 880-0736.


DHS logoThe U.S. Department of Homeland Security (DHS) has partnered with the Multi-State Information Sharing & Analysis Center (MS-ISAC), the National Association of State Chief Information Officers (NASCIO), and the National Association of Counties (NACo) to develop the Nationwide Cyber Security Review.

The Department of Homeland Security is responsible for safeguarding our nation's critical infrastructure from physical and cyber threats that can affect national security, public safety, and economic prosperity. DHS's National Protection and Programs Directorate (NPPD) leads the efforts to secure cyberspace and cyber infrastructure. For additional information, please visit


NASCIO logoThe National Association of State Chief Information Officers mission is to foster government excellence through quality business practices, information management, and technology policy. Founded in 1969, NASCIO is a nonprofit, 501(c)(3) organization representing state chief information officers and information technology executives and managers from the states, territories, and the District of Columbia. The primary state members are senior officials from state government who have executive level and statewide responsibility for information technology leadership. State officials who are involved in agency-level information technology management may participate as associate members. Representatives from federal, municipal, international government, and nonprofit organizations may also participate as members. Private-sector firms join as corporate members and participate in the Corporate Leadership Council. For additional information, please visit


The National Association of Counties is the only national organization that represents county governments in the United States. Founded in 1935, NACo provides essential services to the nation's 3,069 counties. NACo advances issues with a unified voice before the federal government, improves the public's understanding of county government, assists counties in finding and sharing innovative solutions through education and research, and provides value-added services to save counties and taxpayers money. For additional information, please visit


The NCSR is open annually from October to December.


Arrow Register below to participate in the 2018 NCSR.