The Enterprise Security and Risk Management Office provides cyber resources and services to state agencies and local and tribal government entities in North Carolina. 

SecureNC is a cybersecurity initiative led by the State Chief Information Security Officer to help North Carolina state and local governments strengthen their security posture to protect North Carolina systems and data. The program provides tools, resources and expert guidance to improve visibility, control and resilience across your environment.

Our Customers

ESRMO serves as a centralized cybersecurity authority for the state, safeguarding its digital infrastructure and ensuring the continuity of essential services and the protection of state data.

• State agencies: Provide cybersecurity leadership, incident response, vulnerability management and compliance oversight for state agencies
• Local governments and municipalities: Extend services to local government entities, including counties, cities and commissions
• Educational institutions: Assist in assessments and technical evaluations for projects supporting the North Carolina Independent Colleges and Universities (NCICU)
• Third-party vendors: Conduct security reviews and works with vendors to ensure compliance with state cybersecurity standards
• Internal customers: Provides cybersecurity governance, consultation and guidance to NCDIT

See below for a list of resources currently available.

County & City Governments

• External vulnerability scans
• Tanium SecureNC Progam (Converged endpoint management -Tanium XEM)
• Web application firewall (WAF)
  

State Government Agencies

• External vulnerability scans
• Anti-phishing/security awareness training (SAT)
• Advanced endpoint protection (AEP)
• Tanium SecureNC Program (Converged endpoint management -Tanium XEM)
• Multi-factor authentication (MFA)
• Web application firewall (WAF)