Digital Security Assessment

This assessment has been specifically designed to help you, as a grantee, gain a clear understanding of your organization's digital security strengths and any areas that may need improvement.

Throughout the assessment, you will be asked questions covering key aspects of digital security, such as password management, data protection, network security, endpoint security, incident response, and more. The information you provide will help us generate a personalized security report tailored to your organization's current needs and vulnerabilities. This report will offer practical, actionable recommendations for enhancing your digital security posture.

We recommend that this assessment be filled out by someone who is familiar with your organization's IT systems, such as an IT provider or operations lead. However, if you’re not that person, don’t worry—each section comes with clear instructions to guide you through the process. Only one person should complete the assessment on behalf of your organization.

To make things easier, you can save your progress at any time and come back later to finish. This flexibility allows you to gather any additional information you might need before submitting your responses.

After completing the assessment, you'll receive immediate feedback, including a customized security report and a risk score. This will give you a clear picture of where your organization stands and provide the insights needed to take the next steps in improving your digital security. Your participation is crucial in helping us support your organization in building a stronger, more resilient defense against digital threats.

If you have any questions or concerns, feel free to reach out to us at [email protected]

Organization Name:

Email:

First Name:

Last Name:

Email Address:

DSA Record ID

Overall Score:

Score Keys

Highly

Secure

Highly

Secure

At Risk

Severely

At Risk

Severely

At Risk

Critical

Risk

Critical

Risk

Message

Title

Staff Digital Security Awareness

Tell us about your organization's incident response planning and the measures in place to handle security breaches or other cyber incidents. We’ll ask about your incident response protocols, who is responsible for managing incidents, and how often your plans are reviewed and tested.

You'll also be asked about your organization's approach to identifying, containing, and recovering from security incidents. If you're unsure about certain processes or roles.

1. Who do you contact when you experience a tech issue, such as a computer malfunction or software error?

2. Who do you inform if you receive a phishing attempt
or a suspicious email?

3. Do you know the steps to follow if you suspect
a data breach?

4. Does your organization provide regular digital security training?

5. Do you have a process for addressing digital security incidents?

6. Are there specific protocols in place for identifying,
containing, and resolving network breaches?

7. Does your organization have a policy or training
in place for addressing online harassment?

8. Does your organization have a policy or training
in place for the secure and privacy-conscious use of AI?

Are there any additional insights or concerns regarding your organization's incident response planning that you would like to share?

Computers and Endpoint Systems

We’d like to learn a bit about the computers and systems your organization uses. This will help us understand how things work for you and make sure everything is running smoothly and safely. We’ll ask a few questions, like how many computers you use, what types they are (for example, Windows or Mac), and how you protect them from viruses or other online problems (like using a firewall). We’re also interested in how you save and back up important files, and any special ways you keep your information safe, such as using strong passwords or encrypting files. These questions will help us ensure your organization’s computers are secure and working well.

1. How many computers are currently in use within
your organization?

2. Which operating systems are currently being
used within your organization?

- How many Windows computers are currently in use within your organization?

- What operating system is the majority of staff computers running?

- How many Mac computers does your organization have?

- What version of MacOS are the majority of staff
computers running?

3. Is the firewall enabled for the majority of your
devices?

4. Does your organization have a standardized data
backup process for all computers?

- Where are your backups stored?

External driveCloud serviceOther

- How often are backups performed?

5. Does your organization have a standardized data backup
process for your cloud-based systems?

- How often are backups performed?

6. Is data encryption enabled on all devices within your organization?

7. Is malware/virus protection installed on all devices within
your organization?

8. What anti-malware or antivirus software do you have
installed?

9. How does your organization manage its passwords?

10. Are scheduled password changes enforced within your
organization?

Are there any other security measures you have implemented or concerns you would like to share?

DNS and Website Security

Tell us about the DNS and website systems your organization currently uses and the security measures in place. We’ll ask about your domain management, hosting provider, SSL certificates, and any protections you have implemented to safeguard your website.

You'll also be asked about who manages these systems, including DNS records, website updates, and security monitoring. If you're unsure about certain features or configurations, there will be an option to indicate that as well.

Finally, share any additional security measures or concerns related to your DNS and website systems to help ensure the integrity and safety of your online presence.

1. Who is your domain registrar?

2. Do you know when the domain expires?

3. Is the domain name private?

4. Is multi-factor authentication (MFA) enabled
on the registrar account?

5. Which company provides your web hosting services?

6. Do you have MFA enabled for web hosting accounts?

7. How often do you perform website backups?

8. Who is your DNS hosting provider?

9. Is Cloudflare or another DNS security service enabled?

10. What Content Management System (CMS) platform is
being used?

11. Are all Content Management System accounts protected
by Multi-Factor Authentication (MFA)?

12. Is an MFA plugin installed on your CMS?

13. Is SPF, DKIM, and DMARC configured for your domain?

Are there any additional website security measures you have implemented or concerns you would like to share?

Network Security

Tell us about the network security measures your organization currently uses to protect its systems and data. We’ll ask about firewalls, intrusion detection systems, VPN usage, and other protocols in place to safeguard your network infrastructure.

You'll also be asked about who manages network security, including monitoring, access controls, and response strategies for potential threats. If you're unsure about certain configurations or tools, there will be an option to indicate that as well.

1. What is your organization's current work arrangement?

- Is your router and network devices secured with
a strong, unique password?

- Are wireless access points securely configured with strong passwords?

- What type of Wi-Fi encryption is being used?

- How are updates and patches managed for all network devices (routers, firewalls, switches, etc.)?

- How do your staff members typically connect to
the internet while remote?

- Is the home Wi-Fi network secured with a password?

- What type of Wi-Fi encryption is being used?

- Has the default username and password of
the home router been changed?

- Is the router’s firmware regularly updated?

- Are staff members required to use a VPN
(Virtual Private Network) when accessing work
systems from home?

- Are your staff connecting to a VPN when
connecting to a public wifi network?

Are there any additional network security measures you have implemented or concerns you would like to share?

Google Workspace	Microsoft 365	Slack	Zoom	Asana
DocuSign	Dropbox	Box	Salesforce	NeonCRM
WordPress	SiteGround	Squarespace	QuickBooks Online	Bill.com
PayPal	ADP	Facebook	Instagram	Twitter
YouTube	LastPass	1Password	Dashlane	Mailchimp
Submittable	Creative Software	Adobe