Close

See How IT Leaders Are Tackling AI Challenges and Opportunities

New research from CDW reveals insights from AI experts and IT leaders.

Jul 31 2025
Security

Exclusive: New CISA Data Highlights Agency’s Value to States, Localities

CISA shared data with StateTech that singles out the agency’s contributions to state and local jurisdictions.

More than 12,000 state, local, federal and tribal entities received security support from the Cybersecurity and Infrastructure Security Agency in 2023 and 2024, according to data shared exclusively with StateTech.

This includes CISA’s Cyber Hygiene Services, which entail vulnerability and web application scanning to help organizations reduce risk, sharpen their incident response activities and make risk-informed decisions.

As of June 2025, 750 state government entities and nearly 5,000 localities received vulnerability scanning services. Additionally, more than 330 state entities and nearly 1,250 localities participated in web application scanning.

Click the banner below to sign up for the StateTech newsletter for weekly updates.

 

Exploring the Context for This Data

State and local governments may soon feel the squeeze as a COVID-era funding dries up, revenue surpluses dwindle and federal aid is cut.

In a recent webinar, Doug Robinson, executive director of the National Association of State Chief Information Officers, said that the State and Local Cybersecurity Grant Program is unlikely to be reauthorized after fiscal 2025.

Sean Plankey, the Trump Administration’s nominee to head CISA, said he supports the SLCGP before the Senate Committee on Homeland Security and Governmental Affairs. He also said he supports CISA’s congressional authority, which is partly to provide services that safeguard critical infrastructure.

“We support critical infrastructure operators across the country through robust cybersecurity services every day, and our commitment to this mission has not changed,” Marci McCarthy, CISA’s director of public affairs, also said in a recent statement.

CISA provided the following additional data about its support to state and local organizations in 2023 and 2024. In this context, state and local government entities include public schools and universities, public utilities, state and local government agencies and similar organizations.

RELATED: CISA’s John Bryant talks no-cost critical infrastructure services.

Hundreds of SLG Entities Participated in Security Exercises

CISA conducts cyber and physical tabletop exercises with government and critical infrastructure organizations, designed to help assess their ability to address a variety of threat scenarios.

  • In 2023, CISA conducted more than 30 exercises with states and more than 40 with localities.
  • In 2024, CISA conducted 60 exercises with states and more than 40 with localities.

Nearly 200 SLG Entities Had Cyber-Resiliency Reviews

Pending availability, state and local entities across the country can request a number of cybersecurity assessment services from CISA. One such service is the Cyber Resilience Review. This interview-based assessment evaluates operational resilience in the face of crises.

  • In 2023, CISA conducted nearly 45 CRRs with states and more than 90 with localities.
  • In 2024, CISA conducted nearly 20 CRRs with states and approximately 30 with localities.

Click the banner below for cyber resilience strategies that minimize disruption.

 

Dozens of SLGs Had External Dependencies and Management Assessments

CISA’s External Dependencies and Management Assessments help organizations understand and manage risks associated with vendor and third-party relationships, especially regarding information and communication technology.

  • In 2023, CISA conducted approximately 12 EDMs with state governments and more than 30 with localities.
  • In 2024, CISA conducted one EDM with a state and approximately 10 with localities.

100-Plus Cyber Infrastructure Survey Tools Were Completed for SLGs

CISA’s Cyber Infrastructure Survey Tool (CIST) evaluates the effectiveness of organizational security controls and cybersecurity ecosystem resilience.

  • In 2023, CISA conducted approximately 12 CISTs with state entities and more than 80 with localities.
  • In 2024, CISA conducted approximately five CISTs with states and approximately 25 with localities.

Hundreds of Jurisdictions Received Cybersecurity Performance Goal Assessments

CISA’s Cybersecurity Performance Goal Assessment (CPGA), evaluates cybersecurity technologies and practices implemented in information technology and operational technology environments in small and medium-sized organizations.

  • In 2023, CISA conducted approximately five CPGAs with states and more than 160 with localities.
  • In 2024, CISA conducted approximately 35 CPGAs with states and nearly 400 with localities.
KeithBinns/Getty Images