The Cyber Security Evaluation Tool (CSET) is currently open to all Florida critical infrastructure organizations

January 9, 2023

Preliminary report submitted to the state

June 1, 2023

CSET data collection closes

June 30, 2023

Final report submitted

The online risk assessment tool, CSET, is LIVE!
Click here to begin your online risk assessment



Welcome to the CyberSecureFlorida initiative, a first-of-its-kind effort to assess the cybersecurity strengths and weaknesses of Florida’s collective critical infrastructure. The information gathered through this effort will be critical to helping Florida’s elected leaders determine how best to allocate resources and enact appropriate legislation to create a more secure Sunshine State!

Led by Cyber Florida in consultation with the Florida Cybersecurity Advisory Council, this effort will:

  • Establish a baseline of current critical infrastructure cybersecurity protections
  • Provide actionable solutions to increase the state’s preparedness and resilience to cyberattacks
  • Reduce the vulnerabilities of critical systems, assets, and networks
  • Increase resiliency and security to protect the people, property, and prosperity of Florida


CyberSecureFlorida is open to all public- and private-sector critical infrastructure entities and we encourage any and all critical infrastructure entities to lend their voice to this important undertaking. Organizations providing services in the following sectors are encourages to participate:

Water and wastewater systems
Food and agriculture
Critical manufacturing
Commercial facilities
Defense industrial base
Financial services

Healthcare and public health
Emergency services
Government facilities
Information technology
Nuclear reactors, materials, and waste

We are asking as many critical infrastructure organizations as possible to participate to achieve the most comprehensive view we can.

NOTE ON HURRICANE IAN: Due to the impact of Hurricane Ian, Florida FLDE Region 6 (Fort Myers, Naples, Sarasota) is not expected to participate in the survey during Phase 1. Organizations in those regions are encouraged to join during Phase 2.


The assessment is an online survey of about 150 questions addressing a range of cybersecurity concerns outlined by the NIST Cybersecurity Framework. The survey should be completed by your IT/cybersecurity lead and their team members. Responses are anonymous, confidential, and securely stored by the University of South Florida (see FAQs for details on security measures). For reporting, data will be in aggregate to further ensure privacy and security, and synthesized into a concise, actionable report to inform future resource allocation and legislation.


For no-cost and a reasonable time commitment, the CSET assessment allows you to evaluate your organization’s critical information technology and/or operational technology cyber services and ransomware readiness using a systematic, disciplined, and repeatable approach. The tailored outputs – 7 customized reports – provide collated, prioritized, actionable information for you to mitigate the risks revealed in your assessment. Your assessment data will support Cyber Florida’s development of an interactive visualization capability to compare cyber risks across infrastructure sectors as well as an anonymized state-wide summary report, two resources that will provide valuable intelligence to the critical infrastructure community and state decision-makers.

In addition to receiving a free cyber risk assessment report for your organization, Cyber Florida will provide a select number of participants with information directly related to education and training courses that target the cybersecurity improvement areas identified from the risk assessment information submitted. The service will identify the knowledge and skills necessary to mitigate cyber risks within the submitter’s agency, organization, or company. Additionally, the selected participants will have access to a full suite of cyber workforce development toolsets that will identify skills gaps, display various training pathways for upskilling employees, and assist with finding the most qualified new cyber talent, if needed. To be considered for the no-cost analysis, interested participants must fully complete their CSET risk assessment and express interest in receiving the workforce development analysis service through email to Cyber Florida or selecting the follow-on cyber workforce service question in CSET.

Have a question or need help? Watch the video below or jump to the FAQs or contact us.

Upcoming Executive Briefings

Please register below and join us:

Miami Beach – February 15

7:00 am to 8:30 am

FIU Wolfsonian Museum Café

Register to attend the event in-person

Ft Lauderdale – February 22, 2023

Noon to 1:30pm

Marriott Courtyard North/Cypress Creek

Register to attend the event in-person

Register to attend online via Zoom

St Petersburg – February 28, 2023

Noon to 1:30pm

St. Petersburg College Collaborative Labs

Register to attend the event in-person

Register to attend online via Zoom

Jacksonville – March 1, 2023

Noon to 1:30pm

Adam W. Herbert University Center

Register to attend the event in-person

Register to attend online via Zoom

Tallahassee – March 15, 2023

Noon to 1:30pm

Hyatt House Tallahassee Capitol

Register to attend the event in-person

Register to attend online via Zoom

Registration and details coming soon

Pensacola – March 29, 2023

If you have an urgent issue or need assistance to complete the assessment, please email us at cybersecure@cyberflorida.org.

Watch a Town Hall Online:

Join the Community

We’ve created a LinkedIn Group to support and grow the CyberSecureFlorida initiative. Join the group and help us build a community of Florida cyber defenders!



Frequently Asked Questions

Q. Why should my organization participate?

In addition to receiving a free risk assessment for your organization, the data gathered will establish a baseline to guide future planning, policies, and expenditures to strengthen the state’s critical infrastructure assets. This could yield additional state-provided resources and tools for your organization.

Q. We don’t have a cybersecurity person on staff. Can someone help us answer the questions?

Yes! Cyber Florida has a network of staff and volunteers available to assist organizations in completing the assessment. They can connect virtually or in person to help you submit your assessment. Complete the contact form above to request assistance.

Q. We’ve completed a risk assessment with a third-party vendor, why should we complete our CI risk assessment?

You may have completed a risk assessment with a third-party vendor, but you will not be included in the overall Florida critical infrastructure risk score, which may impact the policies and potential funding for Florida critical infrastructure. The survey is short and easy to use. You will not be asked to provide any information that will reveal protected company details, your information will be strictly protected as critical infrastructure information.

Q. We’ve completed a risk assessment with the CSET tool, why should we complete another one?

Within the CSET tool, there are a variety of options based on the type of standard being measured. For this reason, we ask all critical infrastructure owners/operators to participate in the survey to be counted and heard so the leaders of Florida can get as accurate a picture as possible to guide Florida’s future investments to make Florida a safe and secure state to live, work, and play.

Q. How is the data gathered protected?

The data is gathered anonymously and stored on physical servers at the University of South Florida. The University of South Florida uses the NIST Cybersecurity framework to manage its technical and administrative controls. The university has a complete set of security policies, procedures, and standards based on the NIST 800-171 security guidelines. In addition to these administrative controls, the university employs a great number of technical controls including but not limited to: A number of physical and cloud-based Pal Alto Firewalls, the complete Microsoft Defender Stack of products including EDR, Beyond Trust Privileged access management, Microsoft MFA, Splunk for Enterprise Security SIEM, and regular penetration tests and risk assessment performed by both internal staff, state auditors, and 3rd party companies.

The University of South Florida is a Carnegie Research-1 University with numerous federal grants dealing with Medical, Personal, and DoD restricted non-classified data that is secured and monitored 24/7 by USF staff as well as two external SOCs.

Still have a question or need assistance? Please submit the form below and a team member will contact you shortly.