Skip to main content


IA Launches The SITARA Map Assessing U.S. States’ And Territories’ Cybersecurity Posture And IT Modernization Efforts

Washington, DC – Today, Internet Association (IA) released the State, Local, Tribal, and Territorial Information Technology Advancing Reform Achievements (SITARA) map, a state-by-state analysis of preparedness for the cybersecurity and civic tech challenges across all 50 states, the District of Columbia, and the U.S. Territories. IA’s SITARA map—which shows that state governments have a solid cybersecurity foundation and are making strides in improving IT modernization efforts—examines cloud-first initiatives, measures digital service innovation, and tracks cyber security efforts, among other valuable metrics.

SITARA uses an established baseline of participation in programs recommended by the Cybersecurity & Infrastructure Security Agency (CISA). The map provides examples and data that can be used to strengthen public sector IT infrastructure now and in the future, taking into account each state’s unique circumstances. It also shows where additional support, whether from the federal government or through the budgeting process, can help states and territories move beyond baseline metrics, to ultimately help them provide a modern and secure IT infrastructure to their employees and the general public.

“Whether because of under-resourced and under-funded information security programs, IT infrastructure based on legacy technology, or the lack of a Digital Service Team or an Innovation Focused Group, some U.S. States and Territories are having a harder time than others adapting to the digital and remote-first era we are in,” said IA Director of Cloud Policy Omid Ghaffari-Tabrizi. “SITARA allows us to identify the states and territories that need the most help and where we can lay out tangible examples of what other governments have done to address similar challenges, providing policymakers with a clear roadmap of nationally recognized best practices to ensure continuous improvement in a manner best suited for their state or territory.”

IA’s SITARA analysis found:

  • Most states are preparing for cyber threats appropriately, but almost all are only getting started with their IT modernization plans. Three states achieved a score of “Very Good,” 24 states achieved a score of “Good,” while 24 states are still “Getting Started.” None achieved “Exceptional” or “Excellent.”
  • Additional support, whether from the federal government or through the budgeting process, can help states and territories improve their modern IT and cybersecurity preparedness. Among Territories, only Puerto Rico scored “Good,” while two territories came in at “Getting Started” or “Baseline,” and two scored “Needs Help.” While states have made great progress since the start of the pandemic, federal support can make a difference for those states and territories that have had major impacts on their budget.
  • Most states lack a Cloud First Statute that requires the prioritization of cloud solutions. While 32 states have a Cloud Related Strategy, only three have a Cloud First Statute, leaving those strategy-only states without the support codification can bring to a modernization effort.
  • Most states are missing at least one of the three key components of a modern digital government experience. While 20 states are undergoing a modernization effort through a Digital Service Team (DST), Innovation Focused Group, or other Digital Service Plan, only seven states have a basic digital government experience with only one having the characteristics of a modern digital government experience.

“Unemployment benefits, public transportation apps, and filing state tax returns or applications to start a new business are just a few services that would run more efficiently and securely if states modernized their IT infrastructure through increased adoption of commercial cloud solutions. Commercial cloud services allow state unemployment websites to be better equipped to deal with a sudden and unexpected usage increase—like what occurred early in the pandemic. States that are not using commercial cloud services are leaving sensitive information vulnerable, such as credit card information or location data that residents input when buying a bus pass in a public transportation app or a social security number on a tax return,” continued Ghaffari-Tabrizi. “Ultimately, IA’s SITARA analysis highlights how states and territories can improve their cybersecurity posture and IT modernization efforts, while expanding the availability of critically important services to Americans all across the country.”

To view IA’s SITARA map, click here.

To view IA’s GitHub repository, which includes Excel sheets with SITARA data, click here.