Online Toolkit: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats

To help K-12 organizations mitigate the threat posed by malicious cyber actors and the cyber risks that can significantly impact educational missions and put sensitive data at risk, CISA developed this online toolkit and the Partnering to Safeguard K-12 Organizations from Cybersecurity Threats report.

This toolkit is derived from a broader list of tasks called the Cybersecurity Performance Goals (CPG). The work to improve and maintain your cybersecurity posture should be part of a continuous program, not merely a project with a finish line. As you work through the tasks below, CISA recommends that you review all the CPGs and plan to incorporate them into your ongoing security program.

This online toolkit aligns three recommendations from the report with key actions and related trainings and resources to help you build, operate, and maintain resilient cybersecurity programs. Explore each recommendation below to learn more and find prioritized action steps and aligned resources to implement at your school or district.

Recommendation 1: Invest in Most Impactful Security Measures and Build Toward a Mature Cybersecurity Plan

Cybersecurity is not one size fits all. Schools and their districts have distinct strengths and weaknesses and a wide range of needs. At the same time, there are relatively simple actions that every K-12 organization can take to significantly reduce their cybersecurity risks.

Below are the highest priority steps:

1. Implement multifactor authentication (MFA) (Cybersecurity performance goal 2.H)

MFA is a layered approach to securing online accounts and the data they contain. Even if one factor (such as a user password) is compromised, unauthorized users will generally be unable to bypass the second authentication requirement, which stops them from gaining access to the target accounts.

Action: All K-12 institutions should review CISA’s MFA Enhancement Guide, which provides a defined roadmap toward broad MFA adoption. Ensure that all users with elevated privileges, like system administrators, have MFA enabled for all systems.

Multifactor Authentication

MFA is a layered approach to securing your online accounts and the data they contain. 

Phishing-Resistant MFA Fact Sheet

For IT leaders and network defenders to better understand current threats against accounts and systems that use MFA.

2. Identify and fix known security flaws, prioritizing those that are being actively used by malicious actors (Cybersecurity Performance Goal 1.E)

While there are many security vulnerabilities in widely used technologies, a small number of these are actually used by malicious actors to compromise victim organizations. By prioritizing these known exploited vulnerabilities, K-12 organizations can significantly reduce their likelihood of compromise.

Action: Prioritize remediation of vulnerabilities listed in CISA’s Known Exploited Vulnerabilities (KEV) Catalog, either by signing up for recurring updates when new vulnerabilities are added or by using a third-party service that automatically identifies the presence of vulnerabilities on the KEV catalog, including but not limited to Palo Alto Networks Cortex, Tenable Nessus, Runecast, Qualys VMDR, Wiz, Rapid7 InsightVM, and Rapid7 Nexpose.

Known Exploited Vulnerabilities Catalog

CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
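The prioritization step above, as an added example that is not CISA's code: it cross-checks a vulnerability scanner's CVE findings against the KEV catalog and orders the matches by urgency. It assumes the layout of the KEV JSON feed (a top-level "vulnerabilities" list whose entries carry cveID, vendorProject, product, dueDate and knownRansomwareCampaignUse); the catalog excerpt, CVE ids and host names below are constructed sample data, not real catalog entries.

```python
"""Cross-check scanner CVE findings against a KEV catalog excerpt.

Added example, not CISA's code. The feed field names are an assumption
about the KEV JSON layout; all CVE ids, products and hosts are constructed.
"""
import json
from datetime import date

# Constructed excerpt in the shape of the KEV feed (CVE ids are placeholders).
KEV_SAMPLE = json.dumps({
    "title": "Constructed KEV sample, not the real catalog",
    "vulnerabilities": [
        {"cveID": "CVE-1900-0001", "vendorProject": "ExampleVendor",
         "product": "ExampleVPN", "dueDate": "2024-01-15",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-1900-0002", "vendorProject": "ExampleVendor",
         "product": "ExampleLMS", "dueDate": "2024-03-01",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed scanner output: CVE id -> hosts on which it was observed.
SCAN_FINDINGS = {
    "CVE-1900-0003": ["lib-pc-07"],                       # not in KEV
    "CVE-1900-0002": ["lms.example-district.invalid"],
    "CVE-1900-0001": ["vpn.example-district.invalid",
                      "vpn2.example-district.invalid"],
}


def load_kev(kev_json):
    """Index the KEV feed by CVE id for O(1) lookups."""
    catalog = json.loads(kev_json)
    return {v["cveID"]: v for v in catalog["vulnerabilities"]}


def prioritize(findings, kev_index, today_iso):
    """Return the findings that are in KEV, most urgent first.

    Sort order: ransomware-linked entries first, then earliest KEV due
    date (an already-past date therefore sorts first), then the entries
    present on the most hosts.
    """
    today = date.fromisoformat(today_iso)
    matched = []
    for cve, hosts in findings.items():
        entry = kev_index.get(cve)
        if entry is None:
            continue  # not known-exploited; leave it to the regular patch cycle
        due = date.fromisoformat(entry["dueDate"])
        matched.append({
            "cve": cve,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            "due": due.isoformat(),
            "overdue": due < today,
            "hosts": sorted(hosts),
        })
    matched.sort(key=lambda m: (not m["ransomware"], m["due"], -len(m["hosts"])))
    return matched


def not_in_kev(findings, kev_index):
    """CVEs the scanner found that KEV does not list (lower priority, not ignored)."""
    return sorted(c for c in findings if c not in kev_index)


if __name__ == "__main__":
    index = load_kev(KEV_SAMPLE)
    for item in prioritize(SCAN_FINDINGS, index, "2024-02-01"):
        status = "OVERDUE" if item["overdue"] else "due " + item["due"]
        print(item["cve"], item["product"], status, "hosts:", item["hosts"])
    print("not in KEV:", not_in_kev(SCAN_FINDINGS, index))
```

Replacing KEV_SAMPLE with the downloaded catalog JSON and SCAN_FINDINGS with your scanner's export gives a remediation list in the order the Action above recommends.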

3. Perform and test backups (Cybersecurity Performance Goal 2.R)

Implementing, maintaining, and testing backups of critical data is an essential step to reducing impacts from ransomware and other damaging attacks.

Action: Identify data that is critical to continued operations of the K-12 organization and implement backup solutions that are separated from the operational network. Conduct recurring real-world tests to ensure that data can be readily restored from backups. Where applicable, consider free tools such as Windows Auto-Backup and Google Backup & Sync. As part of the entities’ governance program, leaders should request and review evidence of the test restoration tasks and workplans to address any gaps found during the restoration exercise.

Data Backup Options

Learn to protect your information and recover/restore systems, networks, and data from known good backups.

4. Minimize exposure to common attacks (Cybersecurity Performance Goals 1.A and 2.W)

Malicious cyber actors continuously scan organizations to identify vulnerabilities and execute damaging intrusions. Every K-12 organization should ensure that their Internet-connected assets are up-to-date and free from exploitable conditions.

Actions: Enroll in CISA’s free Vulnerability Scanning service and quickly address vulnerabilities identified in recurring reports. Take steps outlined by CISA here to reduce the likelihood that a malicious actor can identify the organization’s assets when scanning the internet for potential victims.

Cyber Hygiene Services

CISA offers scanning and testing services to help organizations reduce their exposure to threats and mitigate attack vectors.

Stuff Off Search

Get your "Stuff Off Search" and reduce Internet attack surfaces that are visible to anyone on web-based search platforms.

5. Develop and exercise a cyber incident response plan (Cybersecurity Performance Goal 2.S)

Every K-12 organization should have an Incident Response Plan that spells out what the organization needs to do before, during, and after an actual or potential security incident. It will include roles and responsibilities for all major activities, and an address book for use should the network be down during an incident. It should be approved by the senior official in the organization and reviewed quarterly, and after every security incident or “near miss”.

Action: Develop and regularly exercise a written Incident Response Plan, leveraging CISA’s Incident Response Plan Basics two-pager with advice on what to do before, during and after an incident. Additional helpful resources include the K12 SIX Essential Cyber Incident Response Runbook and the State Cybersecurity Best Practices Incident Response Plan.

Incident Response Plan (IRP) Basics

An Incident Response Plan is a written document that helps your organization before, during, and after a security incident.

K12 SIX: The Essentials

The K12 SIX Essentials series establishes baseline cybersecurity standards for U.S. school districts and provides guidance and tools to support their implementation.

6. Create a training and awareness campaign at all levels (Cybersecurity Performance Goal 2.I)

All personnel at every K-12 organization should be formally trained to understand the organization’s commitment to security, what tasks they need to perform (like enabling MFA, updating their software and avoiding clicking on suspicious links that could be phishing attacks), and how to escalate suspicious activity.

Action: Review your employee handbook to ensure it has a section on cybersecurity with information on acceptable use of technology, policies, and escalation procedures. Send periodic reminders for staff to review the handbook’s security section via email and staff meetings.

Cybersecurity Awareness Training

Cybersecurity training provided by Amazon for any employee or individual who wants to better understand the most common cyber risks and how to protect themselves and their organizations.

Empowering Educators to Teach Cyber

CYBER.ORG empowers educators to teach cyber confidently, resulting in students with the skills and passion needed to succeed in the cyber workforce.

Security Awareness Training

Training to enhance and reinforce the critical skills and knowledge of those who operate within ICS environments.

After you've taken the highest priority steps:

7. Prioritize further near-term investments in alignment with the full list of CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs)

CPGs are a prioritized subset of information technology (IT) and operational technology (OT) cybersecurity practices that all critical infrastructure owners and operators, including K-12 schools, can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques. They are intended to help establish a common set of fundamental cybersecurity practices that will help schools of all sizes kickstart their cybersecurity efforts.

Action: Review the CPG web site and worksheet, prioritizing the goals listed as highest impact first. As you develop your monthly, quarterly, and annual roadmaps, include additional Cybersecurity Performance Goals to improve your security posture.

Cross-Sector Cybersecurity Performance Goals

CISA developed cross-sector recommendations to help organizations prioritize cybersecurity investments.

CPGs Checklist

Cross-Sector Cybersecurity Performance Goals checklist to help organizations self-assess.

8. Over the long-term, develop a unique cybersecurity plan that leverages the NIST Cybersecurity Framework (CSF)

The CSF is a robust framework for building and maintaining a comprehensive information security program. Governments and enterprises use it to ensure they have covered all the key elements of a mature program.

Action: Organizations should review the CSF as they complete the tasks here, and in the CPGs. K–12 entities should participate in the free Nationwide Cybersecurity Review (NCSR), which provides metrics that identify gaps and track progress, as well as access to incident reporting and cybersecurity resources.

NIST Cybersecurity Framework

The NIST Cybersecurity Framework can help an organization begin or improve their cybersecurity posture. We especially recommend the Getting Started page.

Recommendation 2: Recognize and Actively Address Resource Constraints

Most school districts are doing a lot with a little and resource shortfalls can be a major constraint to implementing effective cybersecurity programs. K-12 organizations should take the following steps to recognize and actively address resource constraints:

1. Work with the state planning committee to leverage the State and Local Cybersecurity Grant Program (SLCGP)

The SLCGP provides $1 billion over 4 years for a first-of-its-kind grant program that gives state, local, and territorial (SLT) governments funding to support efforts addressing cyber risk to their information systems. The two major first-year requirements for this program are the establishment of a Statewide Cybersecurity Planning Committee and the development, by this committee, of a Statewide Cybersecurity Plan. Public Education is a required member of the Planning Committee, which ensures that the cybersecurity needs of educational institutions are accounted for. While the funding is granted directly to the State Administrative Agency, publicly funded K-12 schools are eligible to receive sub-award money.

Action: Review the resources below to determine your school’s eligibility and consider applying to the program.

FY22 State and Local Cybersecurity Grant Program Fact Sheet

The SLCGP provides funding to state, local, tribal, and territorial (SLTT) governments to address cybersecurity risks and cybersecurity threats to SLTT-owned or operated information systems. 

State and Local Cybersecurity Grant Program Frequently Asked Questions

The overarching goal of the SLCGP is to assist SLTT governments in managing and reducing systemic cyber risks. Find answers to your questions here.

Homeland Security Grant Program

The Homeland Security Grant includes a suite of risk-based grants to assist SLTT efforts in protecting against, responding to, and recovering from acts of terrorism and other threats.

Homeland Security Grant Program (HSGP) Application Process

The State Administrative Agency (SAA) is the only entity eligible to submit Homeland Security Grant Program (HSGP) applications to DHS/FEMA.

2. Utilize free or low-cost services to make near-term improvements when resources are scarce

As part of our continuing mission to reduce cybersecurity risk across U.S. critical infrastructure partners and state, local, tribal, and territorial governments, CISA has compiled a list of free cybersecurity tools and services to help organizations further advance their security capabilities. This living repository includes cybersecurity services provided by CISA, widely used open-source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community. 

Action: Evaluate your security program’s need for services and tools to determine if any in this catalog are a fit for your needs.

Free Cybersecurity Services and Tools

CISA has compiled a list of free cybersecurity tools and services to help organizations further advance their security capabilities. 

3. Ask more of technology providers

K–12 organizations should expect the technology used for core educational functions like learning management and student administrative systems to have strong security controls enabled by default for no additional charge.

Action: During the technology procurement and renewal process, ensure that vendors do not charge more for security features like MFA and logs. Be especially aware of the “SSO tax”, the practice of charging customers more to connect a service (like a financial or time keeping system) to the organization’s Single Sign On (SSO) portal. Further, as you deploy products be sure to review the product’s “hardening guide”. A hardening guide is a set of steps to make the product less dangerous. As you become aware of upcharges for security features, or unsafe defaults, start a dialog with other schools and ISAC members to assess a strategy for working together with the vendor to remediate. CISA is ready to serve as an advocate for the K-12 community in advancing technology products that are fit for purpose to support our nation’s education system. Where a K-12 organization identifies technology that is not meeting expectations for built-in security, contact your regional cybersecurity advisor to begin a conversation on how we can help.

Cyber Security Advisors

Your local and regional Protective Security Advisors (PSAs), Cyber Security Advisors (CSAs), Emergency Communications Coordinators (ECCs), and Chemical Security Inspectors (CSIs) provide a variety of risk management and response services.

4. Minimize the burden of on-prem security

Many K–12 organizations operate their own IT systems, known as “on premises” systems. Such systems require time to patch, to monitor, and to respond to potential security events. Few K–12 organizations have the resources and expertise to keep them

Action: K–12 organizations should urgently consider migrating on-premises IT services to the cloud. While it is not possible to categorically state that “the cloud is more secure,” migration to the cloud will be a more secure and resilient option for many K–12 organizations. Consider first cloud versions of your user identity system, and your mail system. Talk to your CISA regional representative for guidance on secure cloud migration.

Google Workspace: Business Apps & Collaboration Tools

Google's productivity and collaboration tools for people and organizations, including Gmail, Calendar, Meet, Chat, Drive, Docs, Sheets, Slides, Forms, and Sites.

Azure Active Directory: Microsoft Azure

Azure Active Directory (Azure AD) is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against cybersecurity attacks.

Microsoft 365: Subscription for Office Apps

Microsoft's productivity and collaboration tools for people, organizations, and schools, including Microsoft Teams, Word, Excel, and PowerPoint.

Recommendation 3: Focus on Collaboration and Information Sharing

K-12 entities struggle to fund cybersecurity resources while combating continuous threats. Situational awareness into changes in the risk environment is critical to ensure that resources are allocated to the most effective security mitigations and controls.

By focusing on collaboration and information sharing, K-12 organizations can stay aware of critical alerts on current threats and vulnerabilities.

K-12 schools should take the following actions:

1. Join cybersecurity collaboration groups, such as MS-ISAC and K12 SIX

MS-ISAC membership includes reporting as well as data and information sharing. In addition, MS-ISAC K-12 community members receive critical alerts on current threats, risks, and vulnerabilities; free cyber tools, resources, and services; and 24/7 access to assistance that includes threat incident analysis, mitigation, and remediation.

Join MS-ISAC

A free and voluntary membership for SLTT governments, public K-12 education entities, public institutions of higher education, and any other non-federal public entity in the US. 

K12 SIX Member Benefits

K12 Security Information eXchange (K12 SIX) membership, open to U.S. K-12 organizations, supports adoption of expert-recommended best practices.

2. Work with other information-sharing organizations

Such as fusion centers, state school safety centers, other state and regional agencies, and associations.

State Information Sharing Tool

As you build your school safety plan, find state programs and state emergency planners that can provide school safety expertise specific to each state.

3. Build a strong and enduring relationship with CISA and FBI regional cybersecurity personnel

Report every cyber incident to CISA, every time.

Regional Offices

Get connected with CISA Cybersecurity Advisors

Report to CISA

Report incidents, phishing attempts, malware, and vulnerabilities to CISA

Internet Crime Complaint Center (IC3)

File a complaint or report if you have fallen victim to cyber crime, and get educated about the latest and most harmful cyber threats and scams.

Additional Resources and Training for K-12 Students and Educators

Federal Virtual Training Environment (FedVTE) Public Courses

This training environment offers more than 800 hours of free online, on-demand cybersecurity training for state, local, tribal, and territorial government personnel and veterans, including K-12 schools.

Foundations of Cybersecurity Management

This free online, instructor-led course teaches you how to apply the principles of cybersecurity management.

Fundamentals of Cyber Risk Management

This free online, self-paced course focuses on key concepts, issues, and considerations for managing cyber risk.

Don’t wake up to a Ransomware Attack

This free online, self-paced course provides essential knowledge and reviews real-life examples of cyber attacks to help you and your organization to prevent, mitigate, and respond to the ever-evolving threat of ransomware.

SchoolSafety.gov Cybersecurity Topic Page

This webpage hosts federal government resources, guidance, and tools on cybersecurity for K-12 schools.  

Cybersecurity Training and Exercises

This webpage lists CISA trainings available to non-federal cybersecurity professionals and the public, including K-12 schools.

NICCS Education and Training Catalog

This catalog is a central location to help cybersecurity professionals of all skill levels find cybersecurity-related courses online and in person across the nation.

CETAP Cyber Safety Videos

This video series provides tips for staying safe online. Topics include: the Internet of Things; Social Media Safety; Ransomware; Phishing; Making Strong Passwords; Online Gaming Safety; and Video Call Safety.

Cybersecurity Considerations for K-12 Schools and School Districts

This training course is designed to help K-12 schools and districts understand cybersecurity considerations needed to inform school emergency operations plans and safety, security, emergency management, and preparedness programs.

Carnegie Mellon University

This free computer security education program for students and teachers provides original content built on a capture-the-flag framework created by security and privacy experts at Carnegie Mellon University.

CISA Regions

CISA encourages schools and districts to also contact their local regional offices for cybersecurity support and resources. CISA’s Cyber Security Advisors (CSAs) can provide schools with cyber preparedness, assessments and protective resources, incident coordination and support for cyber threats and/or attacks, and more.

Contact

Note: This toolkit is not comprehensive. CISA applies neutral principles and criteria to add items and maintains sole and unreviewable discretion over the determination of items included. CISA does not attest to the suitability or effectiveness of these services and tools for any particular use case. CISA does not endorse any commercial product or service. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.
