State of North Carolina Cybersecurity Strategic Plan

About the 2025-2030 Strategic Plan

In an era of rapidly evolving cyber threats, the state of North Carolina has launched a comprehensive cybersecurity strategic plan to safeguard its digital infrastructure, protect citizen data, and ensure the continuity of essential services. This five-year roadmap outlines a unified, statewide approach to cybersecurity, grounded in collaboration, accountability and innovation.

Read the Cybersecurity Strategic Plan

Vision

To build a secure and resilient cybersecurity environment across North Carolina’s public sector – one that protects critical infrastructure, digital services and the personal information of all North Carolinians.

Strategic Goals

The plan is anchored by six strategic goals.

Threat Surface Management

Reduce vulnerabilities through risk-based strategies, data classification, zero trust architecture and statewide collaboration.

Statewide CISO Accountability

Strengthen the authority and coordination of the state chief information security officer (SCISO) to ensure consistent security standards and oversight across all agencies.

Governance

Enhance cybersecurity governance through clear policies, executive accountability and alignment with state and federal regulations.

Education

Foster a culture of cybersecurity awareness through training, public-private partnerships and statewide information-sharing platforms.

Resilience

Ensure business continuity during cyber incidents by institutionalizing disaster recovery planning, testing and real-time risk visibility.

Workforce Development

Expand and diversify the cybersecurity workforce through education, internships, apprenticeships and regional security operations centers.

Implementation

Led by the Enterprise Security & Risk Management Office (ESRMO), the plan includes initiatives such as endpoint detection and response, statewide incident response coordination, and the development of a Cybersecurity Center of Excellence. These efforts are designed to empower agencies, improve risk transparency and build a cyber-ready workforce.

Off