Public Benefit Corporation · Government-only Free 30‑day trial · No payment, no credit card · Start today →
Home/Open Data/Directory

The state of American government security — one row per agency.

Every U.S. county, municipality, school district, and special-purpose district. 78,906 entities continuously scanned for the controls CISA, NIST, and your insurance carrier care about. Search any name. The data is free, open, and updated nightly.

Entities tracked
78,906
51 states & territories · updated nightly
On a verified .gov
4.7%
3,714 of 78,906
Domains assessed
21,298
Continuous, public posture data
Total checks run
134,094
Across the YesGov index since launch
All Counties Cities Schools Special Browse states → Honor roll → Score distribution →
Entity
Last scan
Web Security
Email Security
DNS & Infrastructure
wpnj.us
View full security report →
D+
Web Security3/8
C-
Email Security2/5
D+
DNS & Infrastructure1/3
tuftonboro.org
View full security report →
F
Web Security1/8
B-
Email Security3/5
D+
DNS & Infrastructure1/3
clearwatercity.com
View full security report →
C
Web Security4/8
B-
Email Security3/5
D+
DNS & Infrastructure1/3
crawfordco.org
View full security report →
D+
Web Security3/8
C-
Email Security2/5
D+
DNS & Infrastructure1/3
cityofnewcastle.net
View full security report →
B+
Web Security6/8
F
Email Security0/5
D+
DNS & Infrastructure1/3
townofplainfield.com
View full security report →
C
Web Security4/8
D-
Email Security1/5
D+
DNS & Infrastructure1/3
discoverroanoke.org
View full security report →
D+
Web Security3/8
D-
Email Security1/5
F
DNS & Infrastructure0/3
town.cumberland.in.us
View full security report →
C
Web Security4/8
F
Email Security0/5
D+
DNS & Infrastructure1/3
townofpittsboro.org
View full security report →
D-
Web Security2/8
B-
Email Security3/5
D+
DNS & Infrastructure1/3
carmel.in.gov
View full security report →
D+
Web Security3/8
C-
Email Security2/5
F
DNS & Infrastructure0/3

National security posture

Web Security

93%

Valid SSL/TLS

19,834 of 21,298

70%

HTTPS Redirect

14,948 of 21,298

28%

HSTS Enabled

5,954 of 21,298

91%

Certificate Valid

19,370 of 21,298

2%

CAA Record

364 of 21,298

27%

X-Frame-Options

5,779 of 21,298

45%

X-Content-Type

9,647 of 21,298

2%

security.txt

523 of 21,298

Email Security

48%

SPF Configured

10,124 of 21,298

46%

DKIM Signing

9,808 of 21,298

25%

DMARC Enforced

5,366 of 21,298

0%

MTA-STS

76 of 21,298

1%

TLS-RPT

202 of 21,298

DNS & Infrastructure

5%

DNSSEC

982 of 21,298

14%

IPv6 Support

3,026 of 21,298

68%

RPKI Valid

14,463 of 21,298

17%

.gov Domain

3,714 domains on .gov

Top states by website coverage

StateGovernmentsWith websitesCoverage
California 3,518 1,825 52%
Illinois 6,043 1,621 27%
Pennsylvania 4,311 1,579 37%
Texas 4,575 1,431 31%
New York 2,775 1,386 50%
Michigan 2,293 1,300 57%
Colorado 3,875 1,291 33%
Ohio 3,300 1,174 36%
Florida 2,072 1,113 54%
Minnesota 3,310 1,047 32%
Wisconsin 2,598 1,017 39%
Washington 1,583 753 48%

The numbers tell a troubling story

Only 25% of government domains enforce DMARC — meaning attackers can impersonate 75% of government agencies via email. Only 5% use DNSSEC. Only 28% enforce HSTS. When these gaps overlap, the risk compounds into real-world attacks that cost taxpayers millions.

Check your local government Get professional help — from $250 / year

Make your voice heard

Your tax dollars fund government IT. When basic security isn’t implemented, you pay for the breach recovery, ransomware payments, and legal settlements. Share your local government’s security grade with your community — post it on Facebook, tag your representatives on X, or bring it up at your next city council meeting.

Public awareness is the single most effective way to drive change in government cybersecurity.