Specifications include, but are not limited to: The Nationwide Cybersecurity Review (NCSR) is a no-cost, anonymous, annual self-assessment designed to measure gaps and capabilities of State, Local, Tribal & Territorial (SLTT) governments’ cybersecurity programs. It is based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and is sponsored by the Department of Homeland Security (DHS) and the Multi-State Information Sharing and Analysis Center® (MS-ISAC). NCSR evaluates cybersecurity maturity across the nation, providing actionable feedback and metrics directly to SLTT governments. Beginning in 2022, a Contractor/Contractors shall be engaged through a five-year (three year with two optional renewals) contract to complete the NCSR process for approximately 1,332 county, city, K-12, and higher education Entities. Following the NCSR assessment, the Contractor shall create a Plan of Actions and Milestones (POAM) for each entity. A POAM template shall be developed in conjunction with STS such that it meets the needs of the Entities and is compatible with STS’ Governance Risk and Compliance (GRC) tool. a. The process is divided into two phases: (1) Phase 1 - assessment and reporting, (Year 1) i. See Pro Forma Sections A.4. – A.11. (2) Phase 2 – Advanced Recommendations. (Years 2-5) i. See Pro Forma Section A.1
