What is NCSS CARES?
The NCSS Cybersecurity Assessment and Resiliency Evaluation for Small Business (CARES) was adapted from the CERT Resilience Management Model and CMMI (Capability Maturity Model Integration). It defines maturity levels based upon CMMI. The framework aligns with the NIST Cybersecurity Framework and a complete mapping of questions to the framework can be found under our Resource page. It is a free assessment methodology for small business.
NCSS recommends someone knowledgeable about your business take the survey to determine your company’s cyber risk; (takes about 15 minutes to complete). Upon completion, your business will be assigned a score and a definition of what the score means in terms of your cyber security posture. We recommend after completing the survey, your team sign up for a NCSS membership; and request a remediation plan. Contact us directly, and we will send you an Insights Report and a Small Business Toolkit to get your started on your cybersecurity improvement.
With membership, your business will receive weekly cyber tips, monthly threat advisories and access to technical guides on how to implement a specific cyber business practice.
The CARES questions were derived from industry feedback and selected based upon NCSS educational tracts. CARES is a survey that translates the framework into a useful action plan – tailored to the specific needs of the small business.