skip navigation

Cybersecurity Resources for Local Governments

This page provides a compilation of information security resources available to local governments in Washington State, including MRSC's Information Security Assessment Tool, along with examples of cybersecurity RFPs.

MRSC Information Security Assessment Tool

MRSC's Information Security Assessment Tool, developed in 2015 in partnership with the State Auditor's Office Center for Government Innovation and MK Hamilton and Associates (now CI Security), allows local government staff and officials to assess their current information security abilities, which can form the basis of a strategic plan to improve cybersecurity.

  • User Guide – Read the user guide first before completing the assessment tool
  • Information Security Assessment Tool – Complete this form to measure your organization's current information security capabilities and maturity, which can form the basis of a strategic plan

Also see our Cybersecurity Research Report summarizing focus group and survey data findings about existing practices, common challenges, and potential opportunities for local governments in Washington

In addition, our staff members and contributors occasionally write blog posts about cybersecurity.

Washington State Auditor's Office

The Performance Audit team at the Washington State Auditor’s Office has published Continuing Opportunities to Improve State Information Technology Security (2018), a report detailing areas for improvement at the state agency level. The report itself is instructive for local governments.

In addition, the Auditor’s Office is expanding their audits by offering cybersecurity audits as an opt-in, no-cost option for local governments. The audit would be designed to identify areas of risk or vulnerability, recommend best practices tailored to the local government environment, and provide guidance for resolving the risks identified. If you are interested in learning more, please contact Peg Bodin: 360-464-0113.

In 2019, SAO launched a #BeCyberSmart initiative to help all local government staff (not just IT) understand their roles in cybersecurity. This resource provides tips and guidance for staff working in the following areas:

  • Leadership and planning
  • Finance and administration
  • Human resources
  • Information technology
  • Facilities and operations
  • Legal and compliance

SAO also provides cybersecurity trainings for local government leaders and staff. To learn more and sign up for email updates, visit

Department of Homeland Security

The Department of Homeland Security provides an array of services to local jurisdictions that manage critical infrastructure for energy, water, transportation, financial systems, and other capabilities that support community needs and ways of life. The program offers multiple resources including cybersecurity guidance and assessments, hardware and software support, incident reporting, and training and education.

Multi-State Information Sharing and Analysis Center (MS-ISAC)

The MS-ISAC is the focal point for cyber threat prevention, protection, response and recovery for the nation's state, local, tribal, and territorial (SLTT) governments. The MS-ISAC 24x7 cybersecurity operations center provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation and incident response.

SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. It provides intensive, immersion training designed for people to master the practical steps necessary for defending systems and networks against the most dangerous threats.

Washington State Military Cybersecurity Division

The Washington State Military Cybersecurity Division identifies and schedules multiple training events, seminars, and cybersecurity scenario exercises aimed at raising awareness of emergency managers across the state to better prepare them to address incidents involving cyber systems. 

Federal Trade Commission (FTC)

The FTC offers resources for business and home and specifically a list of recent scams to be aware of. This can be helpful for organizations wanting to share general security awareness with their employees. The FTC site also provides a place to file complaints.

FBI’s Internet Crimes Complaint Center (IC3)

The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) which provides both information security information and a place to file complaints. These complaints are stored and can be used for prosecution.

National Institute of Standards and Technology (NIST) Cybersecurity Resource Center

The NIST Resource Center provides information security tools and practices, a resource for information security standards and guidelines, and identifies key security web resources to support users in industry, government, and academia. It is also a good portal to find all of NIST’s cyber related standards.

Michael Hamilton’s Daily Information Security News Blast

Michael sends out a daily report summarizing current news items related mostly to critical infrastructure information security issues. To sign up, contact Michael at

Washington State Fusion Center – Threat Reports

The Fusion Center’s cyber analyst provides detailed and actionable reports on current bad IP addresses and URLs. To sign up for this mailing, contact Lance Fuhrman at

Cyber Incident Response Coalition and Analysis Sharing (CIRCAS)

This organization, including participants from public and private sectors, federal, state, local and tribal government and DHS, academia and law enforcement was created to share information and resources before, during and after a cyber event. To learn more, contact David R Matthews at

Examples of Cybersecurity RFPs

Below are some examples of requests for proposals to improve local government cybersecurity capabilities.



Last Modified: October 07, 2019