An official website of the State of Maryland.

Maryland.gov Translate

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Department of Information Technology

Cybersecurity Local Government Resources

tk

    External Cybersecurity Resources for Local Governments

    ​​NCSR​​

    The Nationwide Cybersecurity Review (NCSR) is a free, anonymous, self assessment available to State, Local, Tribal, and Territorial governments to help measure gaps and capabilities in cybersecurity programs using the NIST CSF. Sponsored by the Department of Homeland Security and the M​ulti-State Information Sharing and Analysis Center, the NCSR evaluates governments based on five core functions, 23 categories, and 108 sub categories. Completing the NCSR helps the organization identify actionable steps to improve cybersecurity maturity and to cross-reference with best p​ractices, standards, and requirements. The NCSR is open on an annual basis from October 1st to February 28th.

    Learn more about the Nationwide Cybersecurity Review (NCSR)​

    MS-ISAC​

    The MS-ISAC is a membership-based collaboration between the Cybersecurity and Infrastructure Security Agency and the Center for Internet Security that provides SLTT entities with a number of services and informational products. CISA and CIS provide no-cost services and a security operations center to monitor and analyze threats targeting members.

    Learn more and sign up for MS-ISAC​

    Learn about​ and sign up for Maryland Information Sharing and Analysis Center (MD-ISAC) member community

    ​​CISA Cyber Hygiene

    CISA provides free cyber hygiene services that are available to SLTT governments to help organizations assess, identify, and reduce their exposure to threats. Among these services are vulnerability scanning, web application scanning, phishing campaign assessments, and remote penetration tests.

    To sign up, email [email protected]

    Learn  more about CISA Cyber Hygiene

    ​CISA K​-12 Report​

    To help schools address cybersecurity risks, CISA created a report with recommendations and guidelines to be used in conjunction with the corresponding toolkit to help K-12 schools reduce cybersecurity risks. The toolkit provides resources and guidance that align with each of the recommendations in CISA’s report. Along with each recommendation, there are actions and resources that help build, operate, and maintain cybersecurity for each K-12 entity. The toolkit also provides free cybersecurity training relevant to K-12 organizations.

    Learn more about the ​CISA K-12 Report

    Cross-Sector Cybersecurity Performa​​​nce Goals

    The CPGs are voluntary practices that businesses and critical infrastructure owners can take to protect themselves against cyber threats. The Cross-Sector Cybersecurity Performance Goals (CPGs)provide an approachable common set of IT and OT cybersecurity protections that are clearly defined, straightforward to implement, and aimed at addressing some of the most common and impactful cyber risks. The CPGs are written and designed to be easy to understand and to communicate with non-technical audiences, including senior business leadership.​

    Learn more about the Cross-Sect​or Cybersecurity Performance Goals​​​​

    Maryland’s Local Cyber Assessment Tool

    ​Maryland's Local Cybersecurity Assessmen​t tool follows the NIST CSF (v1.1) framework. Each control will be scored with the maturity scale for both the National Cybersecurity Review (NCSR) and the State Minimum Cybersecurity Standards (SMCS). This will allow you to submit both the NCSR and fulfill the certification requirement for the SMCS.

    Click h​ere to access the Local Cybersecurity Assessment Tool.​ - XLSX - 401.54 KB

    ​You can use the tool to begin collecting the documentation needed to complete the assessment.

    Recommended Steps:

    1. Create a folder for the corresponding documents
    2. Label each document (number and name) for easy reference in the tool
    3. Write a high level description of the corresponding document, process, or procedure in the tool.
    4. If you do not have a corresponding document, process, or procedure- no worries! Just write N/A. That will become part of the remediation process.

    Please contact [email protected] for any questions.

    State and Local Cybersecurity Grant Program

    The State and Local Cybersecurity Grant Program (SLCGP) is a first-of-its-kind federal cybersecurity grant program specifically for addressing cybersecurity risk and threats to information systems owned or operated by state, local, and territorial governments. The program allows for targeted investments to be made in these government entities to improve the security of critical infrastructure and provide a higher level of resiliency to the services provided to communities. The main four objectives of SLCGP are to:

    1. Implement cyber governance and planning;
    2. Assess and evaluate systems and capabilities;
    3. Mitigate prioritized issues; and
    4. Build a cybersecurity workforce

    Learn more about the State and Local Cybersecurity Grant Program.

    ​​The Cybersecurity Committee meets monthly. The meetings are subject to the Open Meetings Act. The meeting information is published on MDEM’s website​.