Nationwide Cybersecurity Review (NCSR)
What is the Nationwide Cybersecurity Review?
The Nationwide Cybersecurity Review is a no-cost, anonymous, annual self-assessment designed to measure gaps and capabilities of state, local, tribal and territorial governments’ cybersecurity programs. It is based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), is sponsored by the Department of Homeland Security (DHS) & the Multi-State Information Sharing and Analysis Center® (MS-ISAC®).
The NCSR evaluates cybersecurity maturity across the nation while providing actionable feedback and metrics directly to individual respondents in State, Local, Tribal & Territorial (SLTT) governments.
Using the results of the NCSR, DHS delivers a bi-yearly anonymous summary report to Congress providing a broad picture of the cybersecurity maturity across the SLTT communities. The NCSR is hosted on a secure GRC software platform.
Who Can Participate in the NCSR?
All states (and agencies), local governments (and departments), tribal nations, and territorial governments are encouraged to participate.
- Receive metrics specific to your organization to identify gaps and develop a benchmark to gauge year-to-year progress, as well as anonymously measure your results against your peers.
- Attain reporting in order to prioritize the “next steps” towards cybersecurity improvement, based on area of deficiency.
- Obtain resources and services that can help you fulfill the desired steps towards cybersecurity improvement.
- For HIPAA compliant agencies, translate your NCSR scores to the HIPAA Security Rule scores of an automatic self-assessment tool.
- Gain access to a repository of informative references, such as NIST 800-53,COBIT,and the CIS Controls that can assist in managing cybersecurity risk.
- Fulfill the NCSR assessment requirement for the Homeland Security Grant Program (HSGP). Additional information located here: https://www.fema.gov/homeland-security-grant-program.
- Nationally, aggregate NCSR data provides a baseline, foundational understanding of SLTT cybersecurity posture to help drive policy, governance and resource allocation.
- Results enable Federal partners to better understand the status quo and engage in more strategic, cyber-specific planning and preparedness to help manage national risk and improve SLTT core capabilities
- Provides answers to frequently asked questions specific to the NCSR
- Provides a high-level summary of the NCSR and its benefits.
- Provides end-user guidance on accessing and navigating the NCSR portal, as well as directions on completing the assessment. Information on the automated reports is also included.
- Provides additional information on the NIST Cybersecurity Framework, courtesy of the National Institute of Standards and Technology.
- The NCSR maturity scale is listed in the above link. A maturity level will be selected as an answer for the NIST CSF activities in the NCSR assessment.
View a demo of taking the NCSR. Learn how to register, login, and complete the assessment.
If you are a new participant, please complete the form on this page. One of our NCSR team members will review your information and be in touch with next steps.
If you participated in a previous NCSR survey, simply visit the NCSR Portal and proactively reset your password. Use the General User Guide listed above to login to the platform and access your information. Use the General User Guide listed above to login to the platform and access your information.
NCSR Reporting Templates
Metrics Workgroup Reference Guides
For any questions, please contact us via e-mail at firstname.lastname@example.org or by phone (518) 266-3466.