IT Security Assessments

There are several no-cost cyber security assessments available from the U.S. Department of Homeland Security law enforcement departments, and the governmental and critical infrastructure entities within their jurisdictions. These assessments can be used to increase organizational cyber security preparedness and resilience, and to identify existing vulnerabilities to help prevent the compromise of IT assets and networks. A few of these assessments are described below:

LECC Cyber Report Card

How does your agency measure up when it comes to cyber security? Law enforcement information systems and resources are increasingly at risk of attack, intrusion, ransomware, and denial of service. In order to assist chiefs in assessing their cyber security, the IACP announces the release of a Cyber Report Card for law enforcement executives.

The LECC Cyber Report Card was designed with the Canadian Association of Chiefs of Police (CACP), the Computer Crime & Digital Evidence (CCDE) Committee of IACP, chiefs of small and mid-sized agencies, and the LECC strategic partners. It is designed to be completed by chiefs and their information technology (IT) professionals. In addition to basic questions regarding fundamental IT security issues (e.g., password management, confidentiality, policy and procedures), the Report Card also provides references to key tools and resources to aid chiefs and IT service providers in assessing their current security profile, and in building robust, resilient information systems.

View the LECC Cyber Report Card.

The Cyber Resilience Review (CRR)

The Cyber Resilience Review is a no-cost, voluntary, non-technical assessment to evaluate an organization’s IT resilience and cyber security practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cyber security professionals. The CRR assesses enterprise programs and practices across multiple domains.

For more information, please visit

The Cyber Hygiene (CH) Program

Cyber Hygiene is a technical assessment scanning of internet accessible systems for known vulnerabilities and configuration errors. Based on findings, remediation and mitigation recommendations are made, allowing the stakeholder to improve their cyber security posture. This assessment can be done remotely and on a specified recurring basis.

For more information, please email

IACP Conference