Preparing for a cybersecurity audit does not have to be overwhelming. This checklist is designed to help city and county leaders evaluate readiness against commonly reviewed controls, including the Arkansas Cyber Response Board (ACRB) Year‑1 Minimum Cybersecurity Standards. Use it as a self‑assessment tool before an audit—or as a roadmap for ongoing improvement.
Governance & Oversight
- Cybersecurity roles and responsibilities are clearly defined
- Leadership is briefed on cybersecurity risks and requirements
- Written cybersecurity policies are approved and current
Access Controls
- Multi‑factor authentication is enabled for administrative and cloud accounts
- Default passwords are not in use
- Password standards meet minimum length and complexity requirements
Backup & Recovery
- Critical systems are identified
- Offline backups are performed
- Backup restoration tests have been completed and documented within the last year
Employee Awareness
- Cybersecurity awareness training is conducted for all employees
- New hires receive cybersecurity onboarding
- Training completion is documented
Patch Management
- Critical patches are applied within established timelines
- Non‑critical updates are tracked and applied
- Exceptions are documented and approved
Documentation
- Cybersecurity policies are easily accessible
- System configurations align with written standards
- Audit evidence can be produced upon request
To learn more about our Managed Compliance Services, please click here.