The Consortium for School Networking has put together a guide to make the National Institute of Standards and Technology’s Cybersecurity Framework more accessible to K–12 IT leaders. On its website, CoSN has aggregated resources aligning to the NIST Framework, breaking them out into categories that align with each of the five areas of NIST’s guidance: Identify, Protect, Detect, Respond and Recover. Within each category, there are links, worksheets and more for schools that want to improve their IT environment.
The NIST Cybersecurity Framework is a frequently referenced resource for schools looking to improve their cybersecurity posture. K–12 IT leaders rely on the principles and priorities outlined in that framework when purchasing ed tech or deciding how to train staff.
Despite the popularity of the framework, navigating and planning with it can be daunting, especially with many school districts starting from a place of minimal and outdated security tech.
How to Navigate CoSN’s NIST Cybersecurity Framework Resources
The digital resource web page CoSN has created is visually organized as the five categories of the NIST Framework. Beneath each category is a series of drop-down menus. IT leaders should begin by familiarizing themselves with the five categories of the framework and how the categories map to their district’s cybersecurity needs. A cybersecurity assessment can help schools determine on which areas of the framework to focus.
From there, IT admins can explore the drop-down menus, each of which contains materials related to that area of security.
Some of the resources on the web page are available for any school to use, while others are restricted to CoSN members only. The resources include links to toolkits, web pages and PDF files containing best practices, sample exercises and planning guides.
A trusted security resource in its own right thanks to its Trusted Learning Environment seal, CoSN aims to help school leaders by making the framework more actionable for tech directors and administrators at all levels of cybersecurity expertise.