The Cybersecurity and Infrastructure Security Agency (CISA) has sent out their own annual voluntary cybersecurity assessment for state, local, tribal, and territorial (SLTT) areas across the country. The assessment focuses on getting a better understanding of some of the current cybersecurity issues that are still afflicting these entities.

According to a Federal Register notice published on Oct.3, the Nationwide Cyber Security Review (NCSR) assessment comes as a part of the Department of Homeland Security (DHS) Appropriations Act of 2010. The legislation requires that DHS develop the tools that varying government entities need to complete a cyber network security survey.

The legislation states that the “importance of a comprehensive effort to assess the security level of cyberspace at all levels of government” and it recommended that DHS “report on the status of cybersecurity measures in place, and gaps in all 50 states and the largest urban areas.”

Since the legislation went into law over a decade ago LogicManner, a Technology Platform, has hosted the survey every year from October to February which is housed within the National Institute of Standards and Technology’s (NIST) cybersecurity framework.

The targeted audience for the survey is personal within the SLTT communities who are responsible for the management of cybersecurity and technology within their own organizations.

Once the NCSR is gathered by all the various communities represented by the survey by CISA, a summary report is then presented to congress every other year that helps detail the progress that has been charted as well as present areas of concern for SLTT-identified communities.

According to the 2020 report, it showed a “high” participation level, with almost 300 respondents across the SLTT communities. Yet they also missed the mark for NISTs recommended cyber maturity level.

Overall, the report shows major improvements since the last report issued back in 2018.

The report said, “Progress toward higher maturity has continued, though no peer group has on average reached the recommended minimum maturity level.”