Minimum Baseline of Cybersecurity for Municipalities
Goal 4: Secure Technology Environment and Best Practices
Benefits - Reduce threat of cybersecurity incidents and minimize incident impacts
How - Begin to secure your technology environment and improve your municipal resiliency with practical first steps through implementation of security best practices, such as an annual vulnerability assessment, firewall implementation/ maintenance, regular backups, system updates, and inventory control.
Download the Informational PDF 
Watch the Learning Module Below to Learn More
Resources
| Item/Document | Description | Link | Access |
|---|---|---|---|
| MassCyberCenter – General Best Practices | Links to general best practices guides and government agencies for the latest alerts, prevention tips, and ways to ensure your organization stays cyber resilient | https://masscybercenter.org/cyber-resilient-massachusetts/resources-support-cyber-resiliency | All |
| MassCyberCenter – Minimum Baseline of IT | A set of foundational recommendations for municipalities to standardize on information technology (IT) policies and practices in order to create an effective cybersecurity program. | PDF Download | All |
| MassCyberCenter –Critical Infrastructure Toolkit | Guidance, frameworks, tools, and best practices for critical infrastructure cybersecurity around Operational Technology (OT) and Industrial Control Systems (ICS)—especially for smaller organizations with limited resources | https://masscybercenter.org/critical-infrastructure-toolkit | Free to all |
| Office of Municipal and School Technology at the Massachusetts Executive Office of Technology Services & Security – Health Check Program | Free services for local government to access basic cybersecurity by discovering, assessing and identifying cybersecurity gaps that could impact IT systems that support essential business functions | https://massgov.formstack.com/forms/ cyber_security_it_health_check |
Free to all municipalities |
| Operational Services Division at the Massachusetts Executive Office of Administration and Financial - ITS78: Statewide Contract for Data, Cybersecurity, and Related Audit, Compliance, and Incident Responses Services | State-wide contract for vendor services, including a full range of audit, penetration tests, reviews, and validation of compliance with legal, regulatory, and policy requirements, and related services in areas such as data breach investigation, remediation, and security of confidential information | https://www.mass.gov/doc/its78/download | All |
| Cybersecurity & Infrastructure Security Agency (CISA) Cyber Essentials | A guide for leaders of small businesses, as well as leaders of small and local government agencies, to develop an actionable understanding of where to start implementing organizational cybersecurity practices | https://www.cisa.gov/publication/cisa-cyber-essentials | All |
| Center for Internet Security (CIS) Controls | A series of 18 foundational and advanced cybersecurity controls to quickly establish the protections providing the highest payoff in an organizations | https://www.cisecurity.org/controls/cis-controls-list/ | All |