Department of Homeland Security Offers Free Cybersecurity Assessments

The Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS) offers a Cybersecurity Assessments program free of charge to any public or private organization that requests them.

Recent estimates have put the number of attacks against state and municipal governments at 150 million a day, making ‘cyber-hygiene’ – the process of analyzing system infrastructures to test for and correct vulnerabilities – an increasingly vital practice.

The services – which are provided both remotely and with in-person technical support – are centered on identifying and analyzing system vulnerabilities. For larger organizations, the tests can serve to augment other security testing procedures, while for agencies and communities with more limited funding, they are an alternative to services that would otherwise have to be purchased from the private sector.

The program includes:

  • cyber-hygiene assessments – which analyze potential weak configurations in Internet-facing systems;
  • phishing campaign assessments – which measure human susceptibility to lure emails;
  • remote penetration testing – which simulates a cyber attack to expose gaps in security; and,
  • a red team – which utilizes social engineering efforts to understand intrusion methods and system flaws that adversaries exploit.

The State of Pennsylvania has been using the services since mid-2016 to complement its own security tests and continues to receive regular reviews from the program.

“The great thing about these services is that they’re for everybody,” said Erik Avakian, chief information security officer of Pennsylvania.

North Dakota’s Information Technology Department, which already conducts its own cyber-hygiene tests has also been receiving the DHS assessments for a little more than a year.

“It’s somebody else doing it for us — to validate and for us to compare notes, really,” state chief information security officer Sean Wiese said.

For more information on the DHS Cybersecurity Assessments program, visit