Home 5 Office of the Director 5 Operations 5 Homeland Security 5 California Cybersecurity Integration Center 5 Cybersecurity Surveys

Cybersecurity Surveys

Overview

This page hosts several surveys relevant to cybersecurity in California. In general, participation is voluntary. However, select surveys may be requirements for grant program subrecipients.

State and Local Cybersecurity Grant Program (SLCGP) Required Surveys

Applicants are required to complete various surveys – please see the appropriate Request for Proposals for details. Applicants should complete only ONE survey/questionnaire for each organization/agency applying for a grant. Please coordinate within your organization to ensure the appropriate cybersecurity leaders and subject matter experts weigh-in on these surveys, but they can be submitted by your primary grant applicant point of contact.

  • REQUIRED: State and Local Government Cybersecurity Maturity Questionnaire
    • Survey link: https://calcsic-prod.agilsoft.cloud/worker-portal/public/survey/6d22650d-b333-4e25-941e-e0022aeba105
    • Opens: Friday, January 16, 2026
    • Closes: Friday, March 13, 2026
    • The agilsoft.cloud link provided above is to an approved vendor platform provided under contract to Cal OES. If possible, please save a copy of your organization’s response and include it with your grant application documents. Applicants can also download the questions as a fillable pdf form which may be included with grant applications.
  • REQUIRED: See NCSR below. The NCSR is a post-award requirement for SLCGP sub-recipients.

For more information on the SLCGP, see the Cal OES Grants Management SLCGP page

NCSR

The Nationwide Cybersecurity Review (NCSR) is generally voluntary but is also a requirement of certain federal grant programs. The NCSR is a free, anonymous, annual self-assessment designed to measure gaps and capabilities of a SLT’s cybersecurity programs. It is based on the National Institute of Standards and Technology Cybersecurity Framework and is sponsored by DHS and the MS-ISAC.

SLCGP entities and their subrecipients should complete the NCSR, administered by the MS-ISAC, during the first year of the award/subaward period of performance and annually.

For more information, visit Nationwide Cybersecurity Review (NCSR) (cisecurity.org).