K12 SIX Seeking Input into Annual Refresh of K12 SIX Essential Cybersecurity Protections

In the fall of 2021, K12 SIX released the inaugural (2021-2022) edition of our ‘Essential Cybersecurity Protections’ – a prioritized list of defensive measures we believe that every K-12 organization can and should implement to protect their school communities from the most frequently experienced and/or significant cyber threats they are facing. While our controls aim to cover most of the circumstances schools struggle with, we have no intention of attempting to displace or re-invent existing cybersecurity risk frameworks such as NIST or the CIS Controls. Rather, the K12 SIX Essential Cybersecurity Protections are aligned to those frameworks – providing schools the tools to scaffold into a comprehensive program when they are able.

K12 SIX has released a number of products in this series - some publicly, more for K12 SIX members only - including detailed rubrics and guidance for implementing our controls, a district self-assessment tool, communications templates to communicate cybersecurity priorities to non-IT leadership, and workshops.

With the input and guidance of K12 SIX members, K12 SIX has kicked off the process of refreshing these resources for the coming school year (2022-2023). While we do not expect to make large changes to our list of controls, it is important that they remain in line with best practices, evolving threats, and the broader K-12 context.

In the spirit of collaboration, K12 SIX welcomes public feedback and input on the future of this work as part of our ongoing deliberations. Please send any comments or questions to info@k12six.org with the subject line: “Essential Protections: Input” by no later than August 15, 2022.