The Cybersecurity and Infrastructure Security Agency (CISA) has opened their annual, voluntary cybersecurity assessment for state, local, tribal, and territorial (SLTT) entities across the nation and aims to provide a broad picture of the current cybersecurity gaps and capabilities.
According to a Federal Register notice published on Oct. 3, the Nationwide Cyber Security Review (NCSR) assessment is in response to the Department of Homeland Security (DHS) Appropriations Act of 2010. As part of the legislation, Congress directed DHS to develop the necessary tools for all levels of government to complete a cyber network security survey.
The legislation noted the “importance of a comprehensive effort to assess the security level of cyberspace at all levels of government” and recommended that DHS “report on the status of cybersecurity measures in place, and gaps in all 50 states and the largest urban areas.”
Since its implementation over a decade ago, technology platform, LogicManner, hosts the survey every year – which is based on the National Institute of Standards and Technology’s (NIST) cybersecurity framework – from October to February. The target audience for the NCSR is personnel within the SLTT community who are responsible for the cybersecurity management within their organization.
After the NCSR is gathered on a voluntary, annual basis by CISA, a summary report is presented to Congress every other year that details the progress charted and further areas of concern for SLTTs identified in the self-assessments.
The 2020 report showed a “high” participation level, at almost 3,000 respondents across the SLTT community, but they just barely missed the mark for NIST’s recommended cyber maturity level. However, the report shows improvement among all SLTT groups from the 2018 survey.
The report said, “Progress toward higher maturity has continued, though no peer group has on average reached the recommended minimum maturity level.”