Cybersecurity Compliance Tracker

EO 2024-011 — NIST SP 800-53 Moderate-Impact Baseline

25M+ records compromised including NM MMIS/Medicaid data. SafePay ransomware. Notifications ongoing through April 2026.

Annual Certification Deadline

November 1, 2026

227

days remaining

47%Compliant

Agencies Certified

of 20 total

Exempt w/ Plan

remediation plans filed

Non-Compliant

immediate action required

In Progress

assessment underway

Agency Compliance Status

Sorted by risk level (highest first)

20 of 20 agencies

Agency	Status	Score	Last Assessment	Risk	Deadline
Human Services Department	Non-Compliant	31%	Jan 10, 2026	High	At Risk
Public Education Department	Non-Compliant	28%	Nov 18, 2025	High	Overdue
Children, Youth and Families Dept	Non-Compliant	35%	Dec 12, 2025	High	At Risk
Corrections Department	Non-Compliant	38%	Dec 20, 2025	High	At Risk
Workforce Solutions Department	Non-Compliant	41%	Dec 15, 2025	High	At Risk
Indian Affairs Department	Non-Compliant	23%	Oct 30, 2025	High	Overdue
Department of Health	Exempt w/ Plan	58%	Jan 22, 2026	Medium	On Track
Environment Department	Exempt w/ Plan	52%	Dec 5, 2025	Medium	On Track
Department of Transportation	Exempt w/ Plan	55%	Jan 5, 2026	Medium	On Track
General Services Department	Exempt w/ Plan	62%	Jan 28, 2026	Medium	On Track
Motor Vehicle Division	Exempt w/ Plan	49%	Dec 30, 2025	Medium	At Risk
Energy, Minerals and Natural Resources	Exempt w/ Plan	56%	Jan 15, 2026	Medium	On Track
New Mexico National Guard	In Progress	73%	Feb 5, 2026	Medium	On Track
Regulation and Licensing Department	Non-Compliant	43%	Nov 25, 2025	Medium	At Risk
Department of Information Technology	Certified	95%	Feb 15, 2026	Low	On Track
Taxation and Revenue Department	Certified	89%	Feb 28, 2026	Low	On Track
Department of Finance and Administration	Certified	87%	Feb 10, 2026	Low	On Track
Economic Development Department	Certified	82%	Feb 20, 2026	Low	On Track
New Mexico State Police	Certified	91%	Mar 1, 2026	Low	On Track
Department of Cultural Affairs	In Progress	67%	Jan 20, 2026	Low	On Track