Nationwide Cyber Security Review (NCSR)
What is the NCSR?
The NCSR, or Nationwide Cyber Security Review, is a voluntary self-assessment survey designed to evaluate cyber security management within state, local, tribal and territorial governments.
The Senate Appropriations Committee has requested an ongoing effort to chart nationwide progress in cybersecurity and identify emerging areas of concern. In response, the U.S. Department of Homeland Security (DHS) has partnered with the Center for Internet Security's Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Association of Counties (NACo) to develop and conduct the second NCSR.
Nationwide Cyber Security Review
Who can participate?
All states (and all agencies within), local government jurisdictions (and all departments within), tribal and territorial governments.
The survey started October 1, 2014 to coincide with National Cyber Security Awareness Month, and must be completed by November 30, 2014.
What to expect from the survey
- 85 total questions
- 15 demographic questions
- 59 survey questions
- 4 emerging technology questions
- 7 post survey
- Based on security program maturity scale
- Closely aligned with standards and best practices including:
- Control objectives for Information Technology (CoBIT),
- Statement on Auditing Standards Number 6 (SAS 6),
- Sans 20 Critical Security Controls, and
- National Institute of Standards and Technology (NIST) Special Publication 800
To access the online tool, go to https://navis.coilfiresystems.com/login.aspx
Survey Question Areas
Security program | Risk managment | Physical access controls | Logical access controls | Personnel and vendor contracts
Security within technology lifecycles | Information dispostion | Malicious code | Monitoring and audit trails
Incident management | Business continuity | Security testing | Privacy