CIS Logo
tagline: Confidence in the Connected World

2017 Nationwide Cybersecurity Review (NCSR) Summary Report Now Available

Annual Assessment Measures Cybersecurity Maturity and Risk Awareness within State, Local, Tribal, and Territorial Governments

October 31, 2018

East Greenbush, NY

CIS® (Center for Internet Security, Inc.) Multi-State Information Sharing & Analysis Center® (MS-ISAC®) offers an annual free cybersecurity assessment resource for state, local, tribal, and territorial (SLTT) governments called the Nationwide Cybersecurity Review (NCSR). The NCSR encapsulates the findings of an extensive national survey that measures the gaps and capabilities of state, local, tribal, and territorial (SLTT) governments’ cybersecurity programs. The results from the latest assessment, the 2017 NCSR Summary Report are now available.

The results of the 2017 report are based on participation from 476 SLTT entities from 45 states, 129 locals (representing 39 states), 5 tribes, and 297 state agencies.

The 2017 NCSR Summary Report’s key findings include:

  • The SLTT community continues to exhibit growth in its cybersecurity maturity.
  • The SLTT community has identified the same top five security concerns over the past three years:
    • Increasing sophistication of threats
    • Lack of sufficient funding
    • Emerging technologies
    • Lack of documented processes
    • Inadequate availability of cybersecurity professionals
  • In analyzing the 2015, 2016 and 2017 data, on average 79 percent of top-level decision-makers are receiving periodic reports on the status of information risk, controls, and/or security within their organizations.

“Although SLTT’s cyber maturity levels continue to improve, the SLTT community is still below the recommended baseline,” said Tom Duffy, Chair of the MS-ISAC.

The Nationwide Cybersecurity Review (NCSR) is based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), and it is sponsored by the Department of Homeland Security (DHS) & the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), and in partnership with the National Association of State Chief Information Officers (NASCIO), the National Association of Counties (NACo), and GMIS International.

The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) lists the NCSR as a risk management resource for SLTTs at https://www.nist.gov/cyberframework/framework-resources.

To view the 2017 Nationwide Cybersecurity Review, visit https://www.cisecurity.org/white-papers/2017-ncsr/.

Participation in the 2018 NCSR is available until December 15, 2018, please register by visiting https://www.cisecurity.org/ms-isac/services/ncsr/.

“I encourage everyone in the SLTT community to utilize the NCSR, because it not only identify gaps in their security programs, but it to also supports their justification requirement for cybersecurity investments under the Homeland Security Grant Program,” added Tom Duffy.

For more information on the Homeland Security Grant Program, visit https://www.fema.gov/media-library-data/1531343052420-a717641058b2641d349cc2ee1252fb76/Supplemental_Guidance_Cybersecurity_FY18_NOFO_IB_Final_7_11_18_508.pdf.

Benefits of participating in the NCSR:

  • You can utilize the NCSR to fulfill your justification requirement for cybersecurity investments under the Homeland Security Grant Program
  • Receive metrics specific to your organization
  • Use the metrics provided to identify gaps in your security program
  • Access to informative references such as NIST 800-53, COBIT, and the CIS Controls that can assist in managing cybersecurity risk
  • Anonymously measure your results against peers
  • Be a part of the ongoing effort to chart national cybersecurity maturity & identify areas of concern
  • For HIPAA compliant agencies, the survey translates your NCSR scores to the HIPAA Security Rule scores for an automatic self-assessment tool
  • Develop a benchmark to gauge year-to-year progress

National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) list the NCSR as a risk management resource for SLTTs https://www.nist.gov/cyberframework/framework-resources.

About CIS

CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. The CIS Controls and CIS Benchmarksare the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. Our CIS Hardened Images™ are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud. CIS is home to both the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center™ (EI-ISAC™), which supports the cybersecurity needs of U.S. State, Local and Territorial elections offices.  To learn more, visit CISecurity.org or follow us on Twitter: @CISecurity.