Nationwide Cybersecurity Review (NCSR) Frequently Asked Questions

State of Tennessee Project Questions

Who is sponsoring the NCSR?

This project is sponsored by the state's Cyber Security Advisory Council and led by Strategic Technology Solutions (STS) within the Tennessee Department of Finance and Administration.

What is the goal of the NCSR for the State of Tennessee?

The goal is to help counties, cities, municipal governments, post-secondary schools, and school districts (local organizations) raise their organization's cybersecurity awareness and maturity, while providing them with a plan to address their cybersecurity areas of improvement and enabling eligibility for Federal funded cybersecurity services.

What is Strategic Technology Solutions (STS)?

Part of the Department of Finance & Administration, STS is the state of Tennessee’s Central Information Technology Service bureau.

Who is supporting STS for the NCSR project?

STS has partnered with Deloitte to support the 1,300+ local organizations engaging in the NCSR.

Nationwide Cybersecurity Review (NCSR) Questions

What is the NCSR?

The Nationwide Cybersecurity Review (NCSR) is an anonymous, annual self-assessment, designed to measure gaps and capabilities of state and local governments’ cybersecurity programs. It is based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).

Is the NCSR a requirement for my organization?

While participation in the NCSR is voluntary, it will provide your organization with an understanding of your cybersecurity maturity and make your organization eligible for future Federal funded cybersecurity services.

Is the NCSR related to the requirements in Tennessee Utilities Bill Number 2282, Amendment HB2346?

No, the NCSR is not related to the Utilities Bill Number 2282 that places requirements on some organizations. However, completing the NCSR is a great opportunity to obtain a cybersecurity baseline.

My organization has completed the NCSR already in the past. Why should I complete the NCSR with support from STS?

While participation in the TN NCSR Project is voluntary, organizations are welcome to complete the NCSR online independently from STS. Participating in the TN NCSR Project will allow you to benefit from guidance and support from STS’s cybersecurity professionals and partners. Participating organizations will also receive a Plan of Action
and Milestones (POA&M) that identifies areas of improvement and suggested corrective actions.

How much does it cost to take the NCSR?

The NCSR is available at no cost to the local organization.

How long does it take to complete the NCSR?

The NCSR takes approximately four to eight hours to complete.

Who can register to complete the NCSR?

County governments, municipal governments, post-secondary schools, and school districts are eligible to participate in the TN NCSR Project.

How do I register for the NCSR?

Email ncsr@tn.gov and the State of Tennessee NCSR team will help get your organization started in the process.

Do I need to be a member of the Multistate Information Sharing and Analysis Center (MS-ISAC) to take the NCSR?

No, however all States, State Agencies/Departments, Local Government Jurisdictions, and Local Government Agencies/Departments are encouraged to sign-up for MS-ISAC. The MS-ISAC is free to join and provides cybersecurity resources and services at no cost. To learn more about MS-ISAC please visit their website at cisecurity.org/ms-isac

Who from my organization should participate in the NCSR?

The ideal individuals to complete the NCSR are IT personnel or IT vendors within your organization who are responsible for the IT/cybersecurity services. In the absence of IT personnel, the local organization's leader is encouraged to participate, with guidance and support provided by STS and its partners.

Will support be made available to our internal and/or external IT resources in completing the NCSR?

Yes. The STS NCSR team will partner directly with the organization’s IT resources, both internal and external, as needed to complete the NCSR.

If we do not have IT personnel within our organization, should we pay to have a vendor assist us in completion of the NCSR?

The goal for the State of Tennessee, STS, and our partners, is to support each organization to complete the NCSR accurately so that STS can identify areas of improvement in cybersecurity maturity across the State that could be addressed through Federal grant funding. Organizations are welcome to partner with an IT services professional in completing the NCSR in addition to support from STS and our partners, however this is not necessary.

What are the benefits of participating in the NCSR?

Receive no-cost support in completing the NCSR and access to suggested corrective actions, become eligible for future State and Federal funded support, and resources to improve your cybersecurity maturity. Eligibility to receive metrics specific to your organization to identify areas of improvement, prioritize next steps, and measure year-to-year progress.

Is my information shared with anyone outside of the MS-ISAC?

Completing the NCSR online means your results are private to your organization. By choosing to participate in this initiative with STS, this means your results will be visible to a select number of STS cybersecurity personnel and the state vendor to develop your organization’s plan of actions and milestones to improve your cybersecurity maturity.

Can other organizations view my results?

In no instance will an organization’s NCSR results be shared or distributed to or with any other organization. A select number of STS employees will have visibility to the NCSR results. During the NCSR process, STS will issue a Memorandum of Understanding (MOU) to your organization to align on expectations of the NCSR results.

Partnering with the State of Tennessee to complete the NCSR

Who should I contact with NCSR related questions?

The STS NCSR team will support you every step of the way. Please email NCSR@tn.gov with any questions or concerns you may have regarding the NCSR.

What type of support is available to me while I’m completing the survey?

There are several support opportunities available to you depending on your organization's needs. NCSR support opportunities will be shared during the project kickoff, informational webinars and email communications. If you have specific questions, please email us at NCSR@tn.gov.