Post Assessment Questionnaires

CYBER SECURITY ADVISORS (CSA)
EXTERNAL DEPENDENCY MANAGEMENT (EDM)
POST-ASSESSMENT QUESTIONNAIRE

Thank you for completing the External Dependency Management post-assessment questionnaire. For more information
about this questionnaire or the Cybersecurity Advisors Program, please contact Tara Brewer at [email protected]
Cybersecurity Motivation
What was your organization’s motivation to participate in the EDM? (select all that apply)
Validate a Finding

Proactive Cybersecurity Assessment/Start of Improvement Effort

Review Compliance

Obtain Professional Third-Party Opinion of Cyber Defenses

Response to Incident within Organization

Response to Incident within Industry

Reinforce Standards

Other:

Assessment Impact
As a result of the EDM, has your organization...

In which of the following EDM domains has your organization
planned, scheduled, or implemented at least one improvement?
N/A

Improved its allocation of its overall IT and/or cybersecurity budget?
Yes

Planned Scheduled Implemented

Relationship Formation

Evaluating and controlling the risks of relying
on external entities

|

No

Established or changed your targeted cybersecurity posture?
Yes

Management and Governance

|

No

Shared cybersecurity information with external parties?

Managing ongoing relationships

Yes

|

No

If Yes, what information is shared:

Service Protection and Sustainment

Accounting for dependence on external parties
during incidents, disruptions, and threats

Lessons Learned

Best Practices

Training Tips

Other:
Leveraged the NIST Cybersecurity Framework?
Yes

|

No

Please provide a brief explanation for any improvements or changes listed above:

Quality of Assessment & Report
Did DHS establish expectations through EDM preparations?

Yes
Strongly
Agree

|

No
Neither Agree
nor Disagree

Strongly
Disagree

Explanation:

The EDM report was comprehensible, readable, and usable.
The EDM report was valuable.
The EDM met my organization’s expectations.
How could the EDM be improved?

How could the EDM report be improved?

Next Steps
Is your organization interested in participating in additional DHS cyber assessments or other services? (select all that apply)
A Re-Assessment of the Same Critical Service:

Another DHS Service:

Cyber Resilience Review (CRR)

Phishing Campaign Assessment

External Dependencies Management (EDM)

Network Risk and Vulnerability Assessment

Cyber Infrastructure Survey (CIS)

Cybersecurity Evaluation Tool

A New Assessment of a Different Critical Service:
Cyber Resilience Review (CRR)
External Dependencies Management (EDM)
Cyber Infrastructure Survey (CIS)

Industrial Control Systems Evaluation
Cyber Hygiene Scanning