Public Benefit Corporation · Government-only Free 30‑day trial · No payment, no credit card · Start today →
Home/Open Data/Directory

The state of American government security — one row per agency.

Every U.S. county, municipality, school district, and special-purpose district. 78,906 entities continuously scanned for the controls CISA, NIST, and your insurance carrier care about. Search any name. The data is free, open, and updated nightly.

Entities tracked
78,906
51 states & territories · updated nightly
On a verified .gov
4.7%
3,741 of 78,906
Domains assessed
21,352
Continuous, public posture data
Total checks run
154,984
Across the YesGov index since launch
All Counties Cities Schools Special Browse states → Honor roll → Score distribution →
Entity
Last scan
Web Security
Email Security
DNS & Infrastructure
co.cibola.nm.us
View full security report →
D-
Web Security2/8
D-
Email Security1/5
D+
DNS & Infrastructure1/3
aacounty.org
View full security report →
B+
Web Security6/8
D-
Email Security1/5
B-
DNS & Infrastructure2/3
cityofrochester.gov
View full security report →
B-
Web Security5/8
C-
Email Security2/5
D+
DNS & Infrastructure1/3
columbusga.gov
View full security report →
C
Web Security4/8
C-
Email Security2/5
D+
DNS & Infrastructure1/3
experiencesearcy.com
View full security report →
B+
Web Security6/8
F
Email Security0/5
D+
DNS & Infrastructure1/3
chelseama.gov
View full security report →
B-
Web Security5/8
F
Email Security0/5
B-
DNS & Infrastructure2/3
windhamct.gov
View full security report →
C
Web Security4/8
C-
Email Security2/5
D+
DNS & Infrastructure1/3
annabella.utah.gov
View full security report →
C
Web Security4/8
D-
Email Security1/5
D+
DNS & Infrastructure1/3
mclennan.gov
View full security report →
C
Web Security4/8
C-
Email Security2/5
D+
DNS & Infrastructure1/3
oxfordcounty.org
View full security report →
B+
Web Security6/8
F
Email Security0/5
D+
DNS & Infrastructure1/3

National security posture

Web Security

93%

Valid SSL/TLS

19,828 of 21,352

70%

HTTPS Redirect

14,926 of 21,352

28%

HSTS Enabled

5,921 of 21,352

91%

Certificate Valid

19,370 of 21,352

2%

CAA Record

372 of 21,352

27%

X-Frame-Options

5,782 of 21,352

45%

X-Content-Type

9,666 of 21,352

2%

security.txt

516 of 21,352

Email Security

48%

SPF Configured

10,155 of 21,352

46%

DKIM Signing

9,863 of 21,352

25%

DMARC Enforced

5,429 of 21,352

0%

MTA-STS

74 of 21,352

1%

TLS-RPT

205 of 21,352

DNS & Infrastructure

5%

DNSSEC

988 of 21,352

14%

IPv6 Support

3,084 of 21,352

68%

RPKI Valid

14,506 of 21,352

18%

.gov Domain

3,741 domains on .gov

Top states by website coverage

StateGovernmentsWith websitesCoverage
California 3,518 1,825 52%
Illinois 6,043 1,621 27%
Pennsylvania 4,311 1,579 37%
Texas 4,575 1,431 31%
New York 2,775 1,386 50%
Michigan 2,293 1,300 57%
Colorado 3,875 1,291 33%
Ohio 3,300 1,174 36%
Florida 2,072 1,113 54%
Minnesota 3,310 1,047 32%
Wisconsin 2,598 1,017 39%
Washington 1,583 753 48%

The numbers tell a troubling story

Only 25% of government domains enforce DMARC — meaning attackers can impersonate 75% of government agencies via email. Only 5% use DNSSEC. Only 28% enforce HSTS. When these gaps overlap, the risk compounds into real-world attacks that cost taxpayers millions.

Check your local government Get professional help — from $250 / year

Make your voice heard

Your tax dollars fund government IT. When basic security isn’t implemented, you pay for the breach recovery, ransomware payments, and legal settlements. Share your local government’s security grade with your community — post it on Facebook, tag your representatives on X, or bring it up at your next city council meeting.

Public awareness is the single most effective way to drive change in government cybersecurity.