Skip to main content

The Takeaway

Most states are preparing for cyber threats appropriately, but almost all are only getting started with their IT modernization plans. Three states achieved a score of “Very Good,” 24 states achieved a score of “Good,” while 24 states are still “Getting Started.” None achieved “Exceptional” or “Excellent.”

Additional support, whether from the federal government or through the budgeting process, can help states and territories improve their modern IT and cyber security preparedness. Among Territories, only Puerto Rico scored “Good,” while two territories came in at “Getting Started” or “Baseline,” and two scored “Needs Help.” While states have made great progress since the start of the pandemic, federal support can make a difference for those states and territories that have had major impacts on their budget.


Most states lack a Cloud First Statute that requires the prioritization of cloud solutions. While 32 states have a Cloud Related Strategy, only three have a Cloud First Statute, leaving those strategy-only states without the support codification can bring to a modernization effort.

Most states are missing at least one of the three key components of a modern digital government experience. While 20 states are undergoing a modernization effort through a Digital Service Team (DST), Innovation Focused Group, or other Digital Service Plan, only seven states have a basic digital government experience with only one having the characteristics of a modern digital government experience.

Why This Matters

Unemployment benefits, public transportation apps, and filing state tax returns or applications to start a new business are just a few services that would run more efficiently and securely if states modernized their IT infrastructure through increased adoption of commercial cloud solutions. Cloud services allow state unemployment websites to be better equipped to deal with a sudden and unexpected usage increase—like what occurred early in the pandemic. States that are not using cloud services are leaving sensitive information vulnerable, such as credit card information or location data that residents input when buying a bus pass in a public transportation app or a social security number on a tax return.

How The Scorecard Works

SITARA examines a variety of data points that are relevant to IT modernization discussions as well as cyber security maturity. With an established baseline of participation in programs recommended by Cyber Security & Infrastructure Security Agency (CISA), SITARA measures additional efforts that will help governments focus on current and future threats related to the use of IT equipment and services while also moving towards developing a digital and more accessible set of services built on a modern infrastructure.