Nationwide Cyber Security Review

What Is the Nationwide Cyber Security Review?

The Nationwide Cyber Security Review, or NCSR, is an annual voluntary self-assessment survey designed to help U.S. State, Local, Tribal, and Territorial (SLTT) organizations evaluate their cybersecurity processes and posture.

Who Can Participate in the NCSR?

All states (and agencies), local governments (and departments), tribal nations, and territorial governments are encouraged to participate.

Why Participate?

  • To receive customized reports to help you understand your cybersecurity maturity, including:
    • A detailed report of your responses, along with recommendations to improve your organization's cybersecurity posture
    • Additional summary reports that gauge your cybersecurity measures against those of your peers (using anonymized data)
  • To prioritize your effort to develop security controls
  • To develop a benchmark to gauge year-to-year progress
  • To receive metrics to assist in cybersecurity investment justifications
  • To contribute to the nation's cyber risk assessment process

How Does It Work?

  • Hosted on a secure portal
  • Based on key milestone activities for information risk management
  • Closely aligned with security governance processes and maturity indexes embodied in accepted standards and best practices
  • Question set is based on the NIST Cybersecurity Framework
  • Covers the core components of cybersecurity and privacy programs
  • Designed to be completed in about an hour
  • Designed to measure entities' progress against the NIST Cybersecurity Framework
  • Provides specific sections of standards, guidelines, and practices including the CIS Controls

About the Survey

The NCSR takes place each fall and the survey period remains open for one month. CIS provides NCSR participants with instructions and guidance, and additional support is available through online help, supplemental documentation, and the ability to contact the NCSR Help Desk directly from the survey.

Once the survey is complete, participants have immediate access to an individualized report that measures the level of adoption of security controls within their organization and which includes recommendations on how to raise the organization's risk awareness. In alternate years only (odd-numbered years), the MS-ISAC and DHS aggregate survey data and share a high-level summary with all NCSR participants. The names of participants and their organizations are not identified in this report. This report is also provided to the U.S. Congress to highlight cybersecurity gaps and capabilities among our state, local, tribal, and territorial governments.

Getting Started

New Participants

Arrow If you are a new participant, please contact us at NCSR@cisecurity.org or 518-880-0736.

Returning Participant

Arrow If you participated in a previous NCSR survey, simply visit the NCSR portal and enter last year's credentials. (Please note that the instance number is 20244.)

For all other questions, such as resetting your password, adding additional users to your account and/or registering sub-entities, please contact Molly Gifford via e-mail at NCSR@cisecurity.org or by phone (518) 880-0736.

Partners

The U.S. Department of Homeland Security (DHS) has partnered with the CIS Multi-State Information Sharing & Analysis Center (MS-ISAC), the National Association of State Chief Information Officers (NASCIO), and the National Association of Counties (NACo) to develop the Nationwide Cyber Security Review.

The Department of Homeland Security is responsible for safeguarding our nation's critical infrastructure from physical and cyber threats that can affect national security, public safety, and economic prosperity. DHS's National Protection and Programs Directorate (NPPD) leads the efforts to secure cyberspace and cyber infrastructure. For additional information, please visit www.dhs.gov/cyber.

The National Association of State Chief Information Officers mission is to foster government excellence through quality business practices, information management, and technology policy. Founded in 1969, NASCIO is a nonprofit, 501(c)(3) organization representing state chief information officers and information technology executives and managers from the states, territories, and the District of Columbia. The primary state members are senior officials from state government who have executive-level and statewide responsibility for information technology leadership. State officials who are involved in agency-level information technology management may participate as associate members. Representatives from federal, municipal, international government, and nonprofit organizations may also participate as members. Private-sector firms join as corporate members and participate in the Corporate Leadership Council.

The National Association of Counties is the only national organization that represents county governments in the United States. Founded in 1935, NACo provides essential services to the nation's 3,069 counties. NACo advances issues with a unified voice before the federal government, improves the public's understanding of county government, assists counties in finding and sharing innovative solutions through education and research, and provides value-added services to save counties and taxpayers money.

 

Want to participate in the NCSR?

 

Arrow New participants can contact us at NCSR@cisecurity.org.

 

Arrow Returning participants can simply visit the NCSR portal and enter last year's credentials. The instance number is 20244.