Minimize government cybersecurity risk

The new security framework

Tools and services can help federal, state, and local governments establish an IT security program, reduce cybersecurity risk and protect citizen data.

A protective framework — the National Institute of Standards and Technologies (NIST) Special Publication 800-53 (NIST SP 800-53) — is a series of controls being adopted by state, local and tribal governments, as well as at the federal level. It’s also gaining use in the commercial sector.

As for tools and templates for state and local governments to manage their risk, there is a wide range available — much of it free. For example, the Department of Homeland Security (DHS) offers a suite of services around cybersecurity, e.g., assessments, evaluations, reviews, network scans and threat intelligence sharing. There is also free membership in the Multi-State Information Sharing and Analysis Center or MS-ISAC, a nonprofit partnership between DHS and the Center for Internet Security (CIS). Membership in MS-ISAC offers services such as threat advisories, intelligence sharing, incident response and malicious code reviews, as well as access to free tools including CIS-CAT baselines within the CIS SecureSuite. You can apply the baseline assessment across all technologies — servers, databases, even some communication technology.

While there is no such thing as absolute cybersecurity assurance, these tools and services can help you address your prioritized and risk-ranked issues.

For more about managing cybersecurity risk, watch “The New Security Framework: Minimizing Cyber Risk for State and Local Governments.”


Dave SimpriniDave Simprini
Principal, Public Sector
T +1 703 373 8698