Opinion: How to Implement CoSN’s NIST Cybersecurity Framework

A new framework for improving K-12 cybersecurity, based on standards from the National Institute of Standards and Technology, stands on five pillars: identify, protect, detect, respond and recover.

It’s been 19 years since the United States and Congress designated a month for the public and private sectors to collaborate on raising awareness about cybersecurity. For a district superintendent, safeguarding the personal information of staff and students can be daunting. The nonprofit Consortium for School Networking’s recently unveiled NIST Cybersecurity Framework for K-12, while filled with educational and technological terminology, serves as a valuable guide for districts, offering actionable steps.

Before implementing the framework’s five pillars — identify, protect, detect, respond and recover — school districts should form a team of stakeholders to execute and oversee the work. Cybersecurity responsibility should be collective, not the sole function of one person. These five pillars offer a clear, continuous model for all school districts.

Districts must first identify the assets in their organization, which extend beyond devices to include personnel, systems and facilities. As part of this step, districts should gather all the policies, processes and procedures used to manage and inform their cybersecurity risk, then conduct a risk assessment to fully understand the organization’s vulnerability, encompassing supply chain risks.

Second, protect the organization by granting access only to authorized users. Guarantee that policies clearly specify which authorized individuals can access relevant data structures and safeguard the confidentiality, integrity and availability of information. Use an identity management and authentication tool to ensure appropriate staff have access to authorized activities and transactions. Awareness, education and financial resources are crucial for safeguarding information.

Third, detect anomalies through dedicated staff monitoring and verification of protective measures.

Fourth, prepare to respond to a compromise by promptly notifying relevant parties and containing the situation. Know, in advance, who internally and externally should be notified immediately. Ensure structures are in place to prevent the expansion of the event and to mitigate the effects. Provide a safe space, free of blame, to discuss lessons learned for improvement.

Finally, establish and maintain recovery procedures to ensure system restoration. Encourage a blame-free discussion for improvement, involving internal and external stakeholders, and learn from any mistakes.

Dr. Monica Goldson is the retired Chief Executive Officer for Prince George’s County Public Schools (PGCPS) after 32 years of service. Dr. Goldson holds three degrees from HBCUs – a bachelor’s degree in Mathematics from Florida A&M University, a master’s degree in Elementary and Secondary School Administration from Bowie State University, and a doctorate in Educational Administration and Policy from Howard University. Beyond the schoolhouse, Dr. Goldson is the recipient of numerous awards and honors.