Cybersecurity Guidance for K-12 Technology Acquisitions

The President’s National Cybersecurity Strategy outlines the need to shift the burden of security from customers to manufacturers. In line with this strategy, in April 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and nine US and international agencies co-authored a whitepaper titled “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default.” CISA continues to engage the ecosystem on both the demand and supply sides to make a fundamental shift in addressing chronic and systemic problems in software products. This guidance is intended to help the K-12 education community acquire products that are “Secure by Design.”