Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

This page is no longer being updated and the information may be out of date.

CSF 1.1 State, Local, Tribal, and Territorial Resources


Critical Infrastructure




Assessment & Auditing



Resources relevant to State, Local, Tribal, and Territorial governments.

  • City of Houston's Cybersecurity Control Implementation Interface
    (A web based application/collection of tools that provides access to the policies and procedures boilerplates, interactive utilities, FAQ's, a step-by-step road map, and even best practices for the implementation of the NIST Cybersecurity Framework.)
  • Contra Costa County Employment & Human Services Department's Security Maturity Self-Assessment
    (An open source Security Awareness Assessment to quantitatively assess your current level.)
  • Florida Agency for State Technology’s FCS Risk Assessment Tool 
    (select Florida Cybersecurity Standards Risk Assessment Tool v2 under Security Resources - this risk Assessment tool was developed by the Florida Agency for State Technology to manage cybersecurity risk. The tool’s worksheets—as well as the underlying calculations—can be modified by organizations to meet their specific needs.)
  • Greater Houston Partnership's Cybersecurity Infrastructure Assessment
  • Nationwide Cybersecurity Review (NCSR) 
    (A free, anonymous, annual self-assessment survey that is based on the National Institute of Standards and Technology Cybersecurity Framework and is sponsored by the Department of Homeland Security (DHS) and the MS-ISAC.)
  • The California Department of Technology (CDT), Office of Information Security (OIS) has established the California Cybersecurity Maturity Metrics - These metrics were developed to allow Agencies/state entities to better evaluate the effectiveness of their budgeted cybersecurity resource allocations and capture objective data points - they can be found HERE (Select SIMM 5300-C - Cybersecurity Maturity Metrics (XLSX)).
  • The State of Texas' Agency Security Plan
    (A plan developed by the Texas Department of Information Resources through collaboration between government and the private sector. It uses a common language to address and manage cybersecurity risk in a cost-effective way, based on business needs, without placing additional regulatory requirements on agencies.)
  • Threat Sketch’s ts governance for Small Governments 
    (A guide written specifically for local governments and municipalities that provides tools for implementing a strategic cyber risk management plan.)
  • US-Cert’s Resources for State, Local, Tribal, and Territorial (SLTT) Governments
Created February 7, 2018, Updated February 26, 2024