What is NCSR?
The NCSR, or Nationwide Cybersecurity Review, is a voluntary self-assessment survey designed to evaluate cybersecurity management.
The Senate Appropriations Committee has requested an ongoing effort to chart nationwide progress in cybersecurity and identify emerging areas of concern. In response, the U.S. Department of Homeland Security (DHS) has partnered with the Center for Internet Security's Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Association of State Chief Information Officers (NASCIO), and the National Association of Counties (NACo) to develop and conduct the NCSR.
Who can participate?
All state governments (and agencies), local governments (and departments), and tribal and territorial governments.
For more information, contact:
Why should you participate?
- to take advantage of a free and voluntary self-assessment to evaluate your cybersecurity posture
- to receive customized reports to help you understand your cybersecurity maturity, including:
  - a detailed report of your responses along with recommendations to improve your organization's cybersecurity posture
  - additional summary reports that gauge your cybersecurity measures against peers (using anonymized data)
- to prioritize your effort to develop security controls
- to develop a benchmark to gauge your own year-to-year progress
- to receive metrics to assist in cybersecurity investment justifications
- to contribute to the nation's cyber risk assessment process
How does it work?
- hosted on a secure portal
- based on key milestone activities for information risk management
- closely aligned with security governance processes and maturity indexes embodied in accepted standards and best practices
- question set based on the NIST Cybersecurity Framework
- covers the core components of cybersecurity and privacy programs
- designed to be completed in about an hour
- as of 2015, designed to measure entities' progress against the NIST Framework
- provides specific sections of standards, guidelines, and practices, including our very own CIS Critical Security Controls
When does the survey take place?
The survey will open on Friday, November 4, 2016, and run through the end of December.
The NCSR provides participants with instructions and guidance, and additional support is available through online help, supplemental documentation and the ability to contact the NCSR help desk directly from the survey.
Once complete, participants will have immediate access to an individualized report that measures the level of adoption of security controls within their organization and includes recommendations on how to raise the organization's risk awareness. In alternate years only (odd-numbered years), the MS-ISAC and DHS will aggregate all review data and share a high-level summary with all participants. The names of participants and their organizations will not be identified in this report. This report is provided to Congress in alternate years (odd-numbered years) to highlight cybersecurity gaps and capabilities among our State, Local, Territorial and Tribal Governments.
The U.S. Department of Homeland Security (DHS) has partnered with the Center for Internet Security's (CIS) Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Association of State Chief Information Officers (NASCIO), and the National Association of Counties (NACo) to develop the Nationwide CyberSecurity Review.
DHS is responsible for safeguarding our Nation's critical infrastructure from physical and cyber threats that can affect national security, public safety, and economic prosperity. NPPD leads DHS's efforts to secure cyberspace and cyber infrastructure. For additional information, please visit www.dhs.gov/cyber.
NASCIO's mission is to foster government excellence through quality business practices, information management, and technology policy. Founded in 1969, the National Association of State Chief Information Officers (NASCIO) is a nonprofit, 501(c)3 association representing state chief information officers and information technology executives and managers from the states, territories, and the District of Columbia. The primary state members are senior officials from state government who have executive-level and statewide responsibility for information technology leadership. State officials who are involved in agency-level information technology management may participate as associate members. Representatives from federal, municipal, and international government and from non-profit organizations may also participate as members. Private-sector firms join as corporate members and participate in the Corporate Leadership Council.
CIS is a nonprofit organization focused on enhancing the cybersecurity readiness and response of public and private sector entities, with a commitment to excellence through collaboration. CIS serves as a central resource in the development and delivery of high-quality, timely products and services to assist our partners in government, academia, the private sector and the general public in improving their cybersecurity posture.
MS-ISAC, a division of CIS, is the focal point for cyber threat prevention, protection, response and recovery for the nation's state, local, territorial and tribal (SLTT) governments. The MS-ISAC 24x7 cybersecurity operations center provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation and incident response.
The National Association of Counties (NACo) is the only national organization that represents county governments in the United States. Founded in 1935, NACo provides essential services to the nation's 3,069 counties. NACo advances issues with a unified voice before the federal government, improves the public's understanding of county government, assists counties in finding and sharing innovative solutions through education and research, and provides value-added services to save counties and taxpayers money. For more information about NACo, visit www.naco.org.