CoSN's NIST Cybersecurity Framework Resources Alignment for K-12
developed by the CoSN Cybersecurity Committee
led by Project Director, Amy McLaughlin, amclaughlin@cosn.org

Identify

Asset Management: The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.

Implementing Asset Management CoSN
https://www.cosn.org/tools-and-resources/resource/implementing-asset-management/
Member Only

Application Inventory Worksheet CoSN
https://www.cosn.org/tools-and-resources/resource/cosn-district-application-inventory-worksheet/
Member Only

Implementing Asset Disposal CoSN
https://www.cosn.org/tools-and-resources/resource/implementing-asset-disposal/
Member Only

*Users must be logged in to see member resources.

Business Environment: The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.

Building a Cybersecurity Program CoSN
https://www.cosn.org/wp-content/uploads/2023/03/How-to-Build-a-Cybersecurity-Program_-1.pdf
Public

Selecting A Cybersecurity Framework CoSN
https://www.cosn.org/wp-content/uploads/2023/03/Member-Brief-Selecting-a-Cybersecurity-Framework-1.pdf
Public

Cybersecurity Planning Template CoSN
https://www.cosn.org/wp-content/uploads/2023/03/2017-Cybersecurity-Template-2.pdf
Public

Partnering to Safeguard K-12 Organizations from Cybersecurity Threats Online Toolkit CISA
https://www.cisa.gov/resources-tools/resources/partnering-safeguard-k-12-organizations-cybersecurity-threats-online
Public

Acceptable Use Policy Templates

Governance: The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.

NIST: Everything Begins & Ends with Leadership as the new GOVERN Function Declares a Heightened Leadership Imperative Blog CoSN
https://www.cosn.org/nist-everything-begins-ends-with-leadership-as-the-new-govern-function-declares-a-heightened-leadership-imperative/
Public

Strategies for Building Information Security Governance CoSN
https://www.cosn.org/wp-content/uploads/2022/12/Strategies-for-Building-Information-Security-Governance.pdf
Public

Dear Superintendents: What I Wish School Leaders Knew About Cybersecurity CoSN
https://www.cosn.org/dear-superintendents-what-i-wish-school-leaders-knew-about-cybersecurity/
Public

Making the Case For Increased Cybersecurity Funding CoSN
https://www.cosn.org/edtech-topics/cybersecurity/cybersecurity-planning/
Public

Risk Assessment: The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

Conducting a Cybersecurity Risk Assessment CoSN
https://www.cosn.org/wp-content/uploads/2022/01/Conducting-A-Cybersecurity-Risk-Assessment.pdf
Public

COSN Cybersecurity Risk Assessment Powered by S2 CoSN
https://securitystudio.com/cosn/
Public

K-12 Community Vendor Risk Assessment (K-12CVAT) CoSN
https://www.cosn.org/tools-and-resources/resource/k-12cvat/
Public

Risk Methodology for K12 CoSN
https://www.cosn.org/wp-content/uploads/2021/09/K12RiskMethodology.pdf
Public

CIS MS-ISAC K-12 Cybersecurity Assessment of the 2022-2023 School Year, CIS
https://learn.cisecurity.org/2023-k12-report
Public

Cyberhygine Services: Vulnerability Scanning CISA
https://www.cisa.gov/topics/cyber-threats-and-advisories/cyber-hygiene-services
Public

Reducing the Risk of a Successful Cyber Attack CISA
https://www.cisa.gov/stopransomware/cyber-hygiene-services
Public

Nationwide Cybersecurity Review (NCSR) MS-ISAC
https://www.cisecurity.org/ms-isac/services/ncsr
Public

Risk Assessment Method (RAM) CIS
https://www.cisecurity.org/insights/white-papers/cis-ram-risk-assessment-method
CIS Member

Risk Management Strategy: The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

Risk Management Framework for Information Systems and Organizations NIST
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
Public

Standard ID.RM: Cybersecurity Risk Management Framework (CRMF) USDE
https://www2.ed.gov/fund/contract/about/acs/2021-cybersecurity-risk-management-framework.pdf
Public

Risk Management Version 1.1 CISA
https://www.cisa.gov/sites/default/files/c3vp/crr_resources_guides/CRR_Resource_Guide-RM.pdf
Public

Supply Chain Risk Management: The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks.

Operationalizing Vendor Supply Chain Risk Management Template for Small and Medium-Sized Businesses and Excel CISA
https://www.cisa.gov/resources-tools/resources/operationalizing-vendor-scrm-template-smbs
Public

Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks CISA
https://www.cisa.gov/resources-tools/resources/securing-smb-supply-chains-resource-handbook
Public

Protect

Identity Management, Authentication and Access Control (PR.AC): Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions

Why I Use a Password Manager and Will Never Go Back Blog CoSN
https://www.cosn.org/why-i-use-a-password-manager-and-will-never-go-back/
Public

Authentication Management Toolkit: Executive Briefing CoSN
https://www.cosn.org/wp-content/uploads/2022/01/Authentication-Management-Executive-Summary.pdf
Public

Authentication Management Toolkit: Strategy 1 Leveraging Single Sign On CoSN
https://www.cosn.org/tools-and-resources/resource/strategy-1-leverage-single-sign-on-sso/
Member

Authentication Management Toolkit: Strategy 2 Implement Multi Factor Authentication CoSN
https://www.cosn.org/tools-and-resources/resource/strategy-2-implement-multi-factor-authentication-mfa/
Member

Authentication Management Toolkit: Strategy 3 Implement Password Management CoSN
https://www.cosn.org/tools-and-resources/resource/strategy-3-implement-password-management/
Member

Authentication Management Toolkit: Strategy 4:Transition From Traditional Passwords to Passphrases CoSN
https://www.cosn.org/tools-and-resources/resource/strategy-4-transition-from-traditional-passwords-to-passphrases/
Member

Authentication Management Toolkit : Strategy 5: Cybersafety and Student Account Provisioning CoSN
https://cosn.users.membersuite.com/shop/store/59ce3069-00ce-c88f-ae02-0b437796d7e0/detail
Member

*Users must be logged in to see member resources.

Awareness and Training (PR.AT): The organization’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity related duties and responsibilities consistent with related policies, procedures, and agreements.

Protecting Yourself: What Students, Parents, Teachers and Staff Need to Know About Cybersecurity Webinar Recording CoSN
https://www.cosn.org/tools-and-resources/resource/protecting-yourself-what-students-parents-teachers-and-staff-need-to-know-about-cybersecurity-webinar-archive/
Member

Protecting Yourself: What Students, Parents, Teachers and Staff Need to Know About Cybersecurity Podcast CoSN
https://www.buzzsprout.com/1181414/11319019-cybersecurity-in-today-s-learning-environments-what-school-leaders-must-know-and-do
Public

Cyber Safety: Seven Security Steps Teachers, Students & Families Can Protect Themselves CoSN
https://www.cosn.org/tools-and-resources/resource/cyber-safety-seven-security-steps-teachers-students-families-can-protect-themselves/
Member

Cyber Safety Social Media Messaging Campaign CoSN
https://www.cosn.org/tools-and-resources/resource/cyber-safety-social-media-messaging-campaign/
Public

Tips on Cybersecurity Awareness & Training CoSN
https://www.cosn.org/tips-on-cybersecurity-awareness-training/
Public

A Parent’s Guide for Understanding K-12 School Data Breaches US DOE
https://studentprivacy.ed.gov/resources/parent%E2%80%99s-guide-understanding-k-12-school-data-breaches
Public

Tabletop Exercise - Backdoors and Breaches and How-to Black Hills Info Security
https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/
Public

Tabletop Exercise - Backdoors and Breaches (Online Version) Black Hills Info Security
https://play.backdoorsandbreaches.com/
Public

Year-Long Campaign for Cybersecurity Awareness Blog CoSN
https://www.cosn.org/year-long-campaign-for-cybersecurity-awareness/
Public

*Users must be logged in to see member content.

Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information

Information Protection Processes and Procedures (PR.IP): Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

Maintenance (PR.MA): Maintenance and repairs of industrial control and information system components are performed consistent with policies and procedures.

Protective Technology (PR.PT): Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

Three Things You Can Do in Less Than Three Hours of Work to Significantly Reduce Cybersecurity Risk CoSN
https://www.cosn.org/3-things-you-can-do-in-less-than-3-hours-of-work-to-significantly-reduce-cybersecurity-risk/
Public

AI & Cybersecurity: What You Need to Know Webinar Recording CoSN
https://www.cosn.org/tools-and-resources/resource/ai-cybersecurity-what-you-need-to-know-webinar-recording/
Member Exclusive

*Users must be logged in to see Member Exclusive resources.

Detect

Anomalies and Events (DE.AE): Anomalous activity is detected and the potential impact of events is understood.

Security Continuous Monitoring (DE.CM): The information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.

Detection Processes (DE.DP): Detection processes and procedures are maintained and tested to ensure awareness of anomalous events.

Respond

Response Planning (RS.RP): Response processes and procedures are executed and maintained, to ensure response to detected cybersecurity incidents.

Building a Learning Continuity Plan CoSN
https://www.cosn.org/tools-and-resources/resource/learning-continuity-planning/
Public

Disaster Preparation: Building Your Disaster Recovery “GO KIT”CoSN
https://www.cosn.org/tools-and-resources/resource/distaster-preparation-building-your-disaster-recovery-go-kit/
Member

Lessons Learned from a Cyber Incident Part 1: The Incident & The Aftermath Blog CoSN
https://www.cosn.org/lessons-learned-from-a-cyber-incident-part-1-the-incident-the-aftermath/
Public

Lessons Learned from a Cyber Incident Part 2: Common Questions and Lessons Blog CoSN
https://www.cosn.org/lessons-learned-from-a-cyber-incident-part-2-common-questions-and-lessons/
Public

Readiness and Emergency Management for Schools Technical Assistance Center: Cybersecurity and Cyber Safety US DOE
https://rems.ed.gov/
Public

Cybersecurity Considerations for K-12 Schools and School Districts US DOE
https://rems.ed.gov/docs/Cybersecurity_K-12_Fact_Sheet_508C.PDF
Public

Ransomware Response Check list CISA
https://www.cisa.gov/stopransomware/ive-been-hit-ransomware
Public

"NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems" NIST
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf
Public

Computer Security Threat Response Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Computer-Security-Threat-Response-Policy.docx
Public

Cyber Incident Response Standard CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Cyber-Incident-Response-Standard.docx
Public

Incident Response Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Incident-Response-Policy.docx
Public

Planning Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Planning-Policy.docx
Public

FEMA Incident Response Training FEMA
https://training.fema.gov/is/
Public

*Users must be logged in to see member resources.

Communications (RS.CO): Response activities are coordinated with internal and external stakeholders (e.g. external support from law enforcement agencies)

Guide to Cyber Threat Information Sharing NIST
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-150.pdf
Public

Computer Security Threat Response Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Computer-Security-Threat-Response-Policy.docx
Public

Cyber Incident Response Standard CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Cyber-Incident-Response-Standard.docx
Public

Incident Response Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Incident-Response-Policy.docx
Public

Analysis (RS.AN): Analysis is conducted to ensure effective response and support recovery activities.

Guide to Integrating Forensic Techniques into Incident Response NIST
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-86.pdf
Public

Guidelines on Mobile Device Forensics NIST
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-101r1.pdf
Public

"Computer Security Threat Response Policy" CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Computer-Security-Threat-Response-Policy.docx
Public

Cyber Incident Response Standard CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Cyber-Incident-Response-Standard.docx
Public

Incident Response Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Incident-Response-Policy.docx
Public

Mitigation (RS.MI): Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident

Improvements (RS.IM): Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.

"Computer Security Threat Response Policy" CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Computer-Security-Threat-Response-Policy.docx
Public

Cyber Incident Response Standard CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Cyber-Incident-Response-Standard.docx
Public

Incident Response Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Incident-Response-Policy.docx
Public

Recover

Recovery Planning (RC.RP): Recovery processes and procedures are executed and maintained to ensure restoration of systems or assets affected by cybersecurity incidents.

Guide for Cybersecurity Event Recovery NIST
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf
Public

Monthly Webinars including Tabletop Exercise TX-ISAO
https://dir.texas.gov/information-security/tx-isao
Public

Incident Response and Awareness Training FedVTE
https://www.cisa.gov/resources-tools/training/incident-response-and-awareness-training
Public

CISA Tabletop Exercise Packages CISA
https://www.cisa.gov/resources-tools/services/cisa-tabletop-exercise-packages
Public

Data Breach or PII Exposure Exercises TEA
https://www.texasgateway.org/resource/cybersecurity-tips-and-tools
Public

Texas DIR Incident Response Team Redbook Template Texas DIR
https://dir.texas.gov/resource-library-item/texas-dir-incident-response-team-redbook-template
Public

Cybersecurity Tabletop Exercises WA.gov
https://cybersecurity.wa.gov/tabletop-exercises
Public

Secure Tomorrow Series Toolkit CISA
https://www.cisa.gov/secure-tomorrow-series-toolkit
Public

Ransomware Response Exercises for Executives IANS Research
https://www.iansresearch.com/resources/all-blogs/post/security-blog/2021/10/28/ransomware-response-exercises-for-executives
Public

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities (NIST 800-84) NIST
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-84.pdf
Public

Improvements (RC.IM): Recovery processes and procedures are improved by incorporating lessons learned into future activities.

Communications (RC.CO): Restoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors

CoSN Resources: https://www.cosn.org/edtech-topics/cybersecurity/
Cybersecurity Planning : Cybersecurity Prevention & Preparation : Cybersecurity Implementation : Cybersecurity Response

CC BY-NC-ND

This license enables reusers to copy and distribute the material in any medium or format in unadapted form only, for noncommercial purposes only, and only so long as attribution is given to the creator. CC BY-NC-ND includes the following elements:

cc by nc nd expanded

CoSN’s NIST Cybersecurity Framework Resources Alignment for K-12

CoSN's NIST Cybersecurity Framework Resources Alignment for K-12
developed by the CoSN Cybersecurity Committee
led by Project Director, Amy McLaughlin, amclaughlin@cosn.org

Identify

Protect

Detect

Respond

Recover

CC BY-NC-ND

Join CoSN

Contact Information

CoSN’s NIST Cybersecurity Framework Resources Alignment for K-12

CoSN's NIST Cybersecurity Framework Resources Alignment for K-12 developed by the CoSN Cybersecurity Committee led by Project Director, Amy McLaughlin, amclaughlin@cosn.org

Identify

Protect

Detect

Respond

Recover

CC BY-NC-ND

Join CoSN

Contact Information

CoSN's NIST Cybersecurity Framework Resources Alignment for K-12
developed by the CoSN Cybersecurity Committee
led by Project Director, Amy McLaughlin, amclaughlin@cosn.org