The Statewide Cybersecurity Review Board’s Working Group oversees cybersecurity assessments of state agencies that operate critical information systems or handle federally regulated data. The assessments are conducted by an independent, trusted third party in accordance with the cybersecurity framework established by the National Institute for Standards and Technology (NIST), requirements of the Health Insurance Portability and Accountability Act (HIPAA), and other recognized risk-focused assessment frameworks. A total of seven state agencies underwent a cybersecurity assessment in FY 2018. The assessments yielded a security assessment report, a gap analysis, a plan of action and milestones report, and a risk assessment report.