Nationwide Cybersecurity Review (NCSR)

What is the Nationwide Cybersecurity Review?

The Nationwide Cybersecurity Review is a no-cost, anonymous, annual self-assessment designed to measure gaps and capabilities of state, local, tribal and territorial governments’ cybersecurity programs. It is based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), is sponsored by the Department of Homeland Security (DHS) & the Multi-State Information Sharing and Analysis Center® (MS-ISAC®).

The NCSR evaluates cybersecurity maturity across the nation while providing actionable feedback and metrics directly to individual respondents in State, Local, Tribal & Territorial (SLTT) governments.

Using the results of the NCSR, DHS delivers a bi-yearly anonymous summary report to Congress providing a broad picture of the cybersecurity maturity across the SLTT communities.

New Platform Resources


Arrow NCSR General User Guide
  • Provides end-user guidance on accessing and navigating the NCSR portal, as well as directions on completing the assessment. Information on the automated reports is also included.
Arrow "Introducing the New NCSR Webinar Recording




Arrow MS-ISAC Risk Assessment Guide
  • This guide from the MS-ISAC Metrics Workgroup provides steps on how to leverage NCSR responses to perform a risk assessment.


  • Provides answers to frequently asked questions specific to the NCSR


Arrow NCSR-One-Page-Overview
  • Provides a high-level summary of the NCSR and its benefits.


Arrow CIS Controls Version 8 – NCSR Results Mapping Template
  • Provides a mapping template aligning your NCSR results to CIS Controls Version 8, including the breakout of Implementation Groups 1, 2, and 3.


Arrow NIST CSF Policy Template Guide 2020
  • Aligns publicly available SANS policy templates, as well as donated policy and standard templates from New York and California, to the NIST Cybersecurity Framework (which is the NCSR question set)


Arrow NCSR-Data-Reporting-Template 
  • Provides a template that end-users can customize to present NCSR data to key stakeholders.


Arrow Cybersecurity Resources Guide 
  • Provides a mapping of the NIST Cybersecurity Framework to: MS-ISAC Services, CIS Services, No-Cost FedVTE Online Training, Policy Templates, and open source resources.


Arrow  Cybersecurity Resources Mapped to NIST CSF - NCSR Results Template
  • Provides a mapping template aligning your NCSR results to the “Cybersecurity Resources Guide”
Arrow  NIST Cybersecurity Framework
  • Provides additional information on the NIST Cybersecurity Framework, courtesy of the National Institute of Standards and Technology.


Arrow  Webinar: Investing in Cybersecurity through Preparedness Grants
  • Provides a webinar recording courtesy of DHS CISA, describing the Homeland Security Grant Program (HSGP) and the associated NCSR requirement


Arrow  Supply Chain Cybersecurity Resources Guide
  • This brief guide from the MS-ISAC Metrics Workgroup provides access to resources that can assist with supply chain and third-party vendor processes.


Arrow First Steps Within a Cybersecurity Program
  • This brief guide from CIS and the MS-ISAC provides actions that can be implemented to establish and improve an organization’s cybersecurity program.

Past NCSR Summary Reports

2016 NCSR Summary Report
2017 NCSR Summary Report
2018 NCSR Summary Report

Who Can Participate in the NCSR?

All states (and agencies), local governments (and departments), tribal nations, and territorial governments are encouraged to participate.


  • Receive metrics specific to your organization to identify gaps and develop a benchmark to gauge year-to-year progress, as well as anonymously measure your results against your peers.
  • Attain reporting in order to prioritize the “next steps” towards cybersecurity improvement, based on area of deficiency.
  • Obtain resources and services that can help you fulfill the desired steps towards cybersecurity improvement.
  • For HIPAA compliant agencies, translate your NCSR scores to the HIPAA Security Rule scores of an automatic self-assessment tool.
  • Gain access to a repository of informative references, such as NIST 800-53,COBIT,and the CIS Controls that can assist in managing cybersecurity risk.
  • Fulfill the NCSR assessment requirement for the Homeland Security Grant Program (HSGP). Additional information located here:
  • Nationally, aggregate NCSR data provides a baseline, foundational understanding of SLTT cybersecurity posture to help drive policy, governance and resource allocation.
  • Results enable Federal partners to better understand the status quo and engage in more strategic, cyber-specific planning and preparedness to help manage national risk and improve SLTT core capabilities.

How Does It Work?

The NCSR is hosted on a secure GRC software platform.. Once you complete your registration, you will have an account created where you can take the NCSR and receive metrics specific to your organization all in one place.

To learn more about the NCSR, please view our past webinar recordings:

Getting Started

New Participants

If you are a new participant, please complete the form on this page. One of our NCSR team members will review your information and be in touch with next steps. For questions or assistance, contact us at or (518) 266-3466.

Returning Participant

If you participated in a previous NCSR survey, simply visit the NCSR Portal and proactively reset your password. Use the General User Guide listed above to login to the platform and access your information. Use the General User Guide listed above to login to the platform and access your information.

For all other questions, such as resetting your password, adding additional users to your account and/or registering sub-entities, please contact us via e-mail at or by phone 518-516-6154 .


DHS logoThe U.S. Department of Homeland Security (DHS) has partnered with the Multi-State Information Sharing & Analysis Center (MS-ISAC), the National Association of State Chief Information Officers (NASCIO), and the National Association of Counties (NACo) to develop the Nationwide Cybersecurity Review.

The Department of Homeland Security is responsible for safeguarding our nation's critical infrastructure from physical and cyber threats that can affect national security, public safety, and economic prosperity. DHS's National Protection and Programs Directorate (NPPD) leads the efforts to secure cyberspace and cyber infrastructure. For additional information, please visit


NASCIO logoThe National Association of State Chief Information Officers mission is to foster government excellence through quality business practices, information management, and technology policy. Founded in 1969, NASCIO is a nonprofit, 501(c)(3) organization representing state chief information officers and information technology executives and managers from the states, territories, and the District of Columbia. The primary state members are senior officials from state government who have executive-level and statewide responsibility for information technology leadership. State officials who are involved in agency-level information technology management may participate as associate members. Representatives from federal, municipal, international government and nonprofit organizations may also participate as members. Private-sector firms join as corporate members and participate in the Corporate Leadership Council. For additional information, please visit


The National Association of Counties is the only national organization that represents county governments in the United States. Founded in 1935, NACo provides essential services to the nation's 3,069 counties. NACo advances issues with a unified voice before the federal government, improves the public's understanding of county government, assists counties in finding and sharing innovative solutions through education and research, and provides value-added services to save counties and taxpayers money. For additional information, please visit


GMIS International is a professional IT association of worldwide government IT leaders dedicated to providing best practice solutions for initiatives by providing its members with enhanced professional development, training, conferences, awards, and networking while offering leadership through advocacy, research and shared experiences. GMIS International's primary mission is to leverage the collective knowledge of our members. In 1971, a group of IT professionals, realizing the need to foster the sharing of experiences among all levels of government involved in providing IT services, organized GMIS International. Today, we have members in 36 states. We have 15 State Chapter affiliates and we have 6 International affiliates. Membership in GMIS is open to public sector agencies at any level of government (federal, state, county, city, etc.) including schools (K-12, community college and university) and special districts. Corporate memberships are also available. For additional information, please visit


The NCSR is open annually from October to December.

NCSR Registration Form


Note: If you are with a department or office within a local jurisdiction (Example: City Department of Public Safety), and your\ information technology is managed by a core/centralized entity within your jurisdiction, then that entity can register and complete the NCSR to cover your office. Please consult with your jurisdiction’s appropriate information technology contacts.