Executive Order 2024-011 Risk Assessment

The Cybersecurity Office is conducting its first annual cybersecurity risk assessment to evaluate the current cybersecurity posture across state entities. This assessment is aligned with the NIST Cybersecurity Framework (CSF) 2.0 and facilitates compliance with these directives outlined in Executive Order 2024-011:

1. The Cybersecurity Office shall conduct information technology and security assessments on state entities to detect security vulnerability incidents and support mitigation efforts as necessary and within capabilities.
2. State entities shall adopt and implement cybersecurity, information security, and privacy policies, standards, and procedures based upon no less than moderate-impact security control baselines, frameworks, and standards issued by NIST.

Please use the following links to access the additional documents that support the process:

• Annual Cybersecurity Risk Assessment Overview.pdf – instructions for completing the Microsoft Word and Microsoft Forms risk assessment versions, guidance for submission, response workbook for supplemental questions, and a glossary of terms.
• Cybersecurity Risk Assessment Survey Form V2.docx – a word version of the risk assessment to allow for entities to internally collaborate to complete the risk assessment.
• Response Worksheet.xlsx – an excel worksheet the must be completed and uploaded in PDF to complete Part 2 of the Risk Assessment.

Please contact the NM Cybersecurity Office at nmcyber@cyber.nm.gov with any questions.