CoSN's NIST Cybersecurity Framework Resources Alignment for K-12
developed by the CoSN Cybersecurity Committee
led by Project Director, Amy McLaughlin, amclaughlin@cosn.org

Govern

Organizational Context: The circumstances — mission, stakeholder expectations, dependencies, and legal, regulatory, and contractual requirements — surrounding the organization’s cybersecurity risk management decisions are understood.

Building a Cybersecurity Program CoSN
https://www.cosn.org/wp-content/uploads/2023/03/How-to-Build-a-Cybersecurity-Program_-1.pdf
Public

NIST: Everything Begins & Ends with Leadership as the new GOVERN Function Declares a Heightened Leadership Imperative CoSN
https://www.cosn.org/nist-everything-begins-ends-with-leadership-as-the-new-govern-function-declares-a-heightened-leadership-imperative/
Public

Selecting A Cybersecurity Framework CoSN
https://www.cosn.org/wp-content/uploads/2023/03/Member-Brief-Selecting-a-Cybersecurity-Framework-1.pdf
Public

Cybersecurity Planning Template CoSN
https://www.cosn.org/wp-content/uploads/2023/03/2017-Cybersecurity-Template-2.pdf
Public

Partnering to Safeguard K-12 Organizations from Cybersecurity Threats Online Toolkit CISA
https://www.cisa.gov/resources-tools/resources/partnering-safeguard-k-12-organizations-cybersecurity-threats-online
Public

Risk Management Strategy: The organization’s priorities, constraints, risk tolerance and appetite statements, and assumptions are established, communicated, and used to support operational risk decisions.

Risk Management Framework for Information Systems and Organizations NIST
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
Public

Standard ID.RM: Cybersecurity Risk Management Framework (CRMF) USDE
https://www2.ed.gov/fund/contract/about/acs/2021-cybersecurity-risk-management-framework.pdf
Public

Risk Management Version 1.1 CISA
https://www.cisa.gov/sites/default/files/c3vp/crr_resources_guides/CRR_Resource_Guide-RM.pdf
Public

Roles, Responsibilities, and Authorities: Cybersecurity roles, responsibilities, and authorities to foster accountability, performance assessment, and continuous improvement are established and communicated.

NIST: Everything Begins & Ends with Leadership as the new GOVERN Function Declares a Heightened Leadership Imperative Blog CoSN
https://www.cosn.org/nist-everything-begins-ends-with-leadership-as-the-new-govern-function-declares-a-heightened-leadership-imperative/
Public

Strategies for Building Information Security Governance CoSN
https://www.cosn.org/wp-content/uploads/2022/12/Strategies-for-Building-Information-Security-Governance.pdf
Public

Top 10 Tips for Governing Cybersecurity Culture: Connecting Organizational Context to Conduct and Change CoSN
https://www.cosn.org/top-10-tips-for-governing-cybersecurity-culture-connecting-organizational-context-to-conduct-and-change/
Public

Dear Superintendents: What I Wish School Leaders Knew About Cybersecurity CoSN
https://www.cosn.org/dear-superintendents-what-i-wish-school-leaders-knew-about-cybersecurity/
Public

Making the Case For Increased Cybersecurity Funding CoSN
https://www.cosn.org/edtech-topics/cybersecurity/cybersecurity-planning/
Public

Policy: Organizational cybersecurity policy is established, communicated, and enforced

Oversight: Results of organization-wide cybersecurity risk management activities and performance are used to inform, improve, and adjust the risk management strategy

Cybersecurity Supply Chain Risk Management: Cyber supply chain risk management processes are identified, established, managed, monitored, and improved by organizational stakeholders.

Operationalizing Vendor Supply Chain Risk Management Template for Small and Medium-Sized Businesses and Excel CISA
https://www.cisa.gov/resources-tools/resources/operationalizing-vendor-scrm-template-smbs
Public

Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks CISA
https://www.cisa.gov/resources-tools/resources/securing-smb-supply-chains-resource-handbook
Public

K-12CVAT: K-12 Community Vendor Assessment Tool Lite-V4.1 CoSN
https://www.cosn.org/tools-and-resources/resource/k-12cvat/
Public

Identify

Asset Management: The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.

Implementing Asset Management CoSN
https://www.cosn.org/tools-and-resources/resource/implementing-asset-management/
Member Only

Application Inventory Worksheet CoSN
https://www.cosn.org/tools-and-resources/resource/cosn-district-application-inventory-worksheet/
Member Only

Implementing Asset Disposal CoSN
https://www.cosn.org/tools-and-resources/resource/implementing-asset-disposal/
Member Only

*Users must be logged in to see member resources.

Risk Assessment: The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

Conducting a Cybersecurity Risk Assessment CoSN
https://www.cosn.org/wp-content/uploads/2022/01/Conducting-A-Cybersecurity-Risk-Assessment.pdf
Public

The Dark Side of AI: How Generative AI Fuels Social Engineering CoSN
https://www.cosn.org/the-dark-side-of-ai-how-generative-ai-fuels-social-engineering/
Public

COSN Cybersecurity Risk Assessment Powered by S2 CoSN
https://securitystudio.com/cosn/
Public

K-12 Community Vendor Risk Assessment (K-12CVAT) CoSN
https://www.cosn.org/tools-and-resources/resource/k-12cvat/
Public

Risk Methodology for K12 CoSN
https://www.cosn.org/wp-content/uploads/2021/09/K12RiskMethodology.pdf
Public

CIS MS-ISAC K-12 Cybersecurity Assessment of the 2022-2023 School Year, CIS
https://learn.cisecurity.org/2023-k12-report
Public

Cyberhygine Services: Vulnerability Scanning CISA
https://www.cisa.gov/topics/cyber-threats-and-advisories/cyber-hygiene-services
Public

Reducing the Risk of a Successful Cyber Attack CISA
https://www.cisa.gov/stopransomware/cyber-hygiene-services
Public

Nationwide Cybersecurity Review (NCSR) MS-ISAC
https://www.cisecurity.org/ms-isac/services/ncsr
Public

Risk Assessment Method (RAM) CIS
https://www.cisecurity.org/insights/white-papers/cis-ram-risk-assessment-method
CIS Member

Improvement: Improvements to organizational cybersecurity risk management processes, procedures and activities are identified across all CSF Functions

Protect

Identity Management, Authentication and Access Control (PR.AC): Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions

Why I Use a Password Manager and Will Never Go Back Blog CoSN
https://www.cosn.org/why-i-use-a-password-manager-and-will-never-go-back/
Public

Everybody’s Free (To Use Strong Passwords) CoSN
https://www.cosn.org/everybodys-free-to-use-strong-passwords/
Public

Staying Safe While Online CoSN
https://www.cosn.org/staying-safe-while-online-2/
Public

Lock Before You Walk – Secure Workstations and Work Locations CoSN
https://www.cosn.org/lock-before-you-walk-secure-workstations-and-work-locations/
Public

Authentication Management Toolkit: Executive Briefing CoSN
https://www.cosn.org/wp-content/uploads/2022/01/Authentication-Management-Executive-Summary.pdf
Public

Authentication Management Toolkit: Strategy 1 Leveraging Single Sign On CoSN
https://www.cosn.org/tools-and-resources/resource/strategy-1-leverage-single-sign-on-sso/
Member

Authentication Management Toolkit: Strategy 2 Implement Multi Factor Authentication CoSN
https://www.cosn.org/tools-and-resources/resource/strategy-2-implement-multi-factor-authentication-mfa/
Member

Authentication Management Toolkit: Strategy 3 Implement Password Management CoSN
https://www.cosn.org/tools-and-resources/resource/strategy-3-implement-password-management/
Member

Authentication Management Toolkit: Strategy 4:Transition From Traditional Passwords to Passphrases CoSN
https://www.cosn.org/tools-and-resources/resource/strategy-4-transition-from-traditional-passwords-to-passphrases/
Member

Authentication Management Toolkit : Strategy 5: Cybersafety and Student Account Provisioning CoSN
https://cosn.users.membersuite.com/shop/store/59ce3069-00ce-c88f-ae02-0b437796d7e0/detail
Member

*Users must be logged in to see member resources.

Awareness and Training (PR.AT): The organization’s personnel and partners are provided cybersecurity awareness education and are trained to perform their cybersecurity related duties and responsibilities consistent with related policies, procedures, and agreements.

Tips for K-12 Technology Directors: Communication Strategies for Social Engineering Awareness CoSN
https://www.cosn.org/tips-for-k-12-technology-directors-communication-strategies-for-social-engineering-awareness/
Public

Year-Long Campaign for Cybersecurity Awareness CoSN
https://www.cosn.org/year-long-campaign-for-cybersecurity-awareness/
Public

Protecting Yourself: What Students, Parents, Teachers and Staff Need to Know About Cybersecurity Webinar Recording CoSN
https://www.cosn.org/tools-and-resources/resource/protecting-yourself-what-students-parents-teachers-and-staff-need-to-know-about-cybersecurity-webinar-archive/
Member

Protecting Yourself: What Students, Parents, Teachers and Staff Need to Know About Cybersecurity Podcast CoSN
https://www.buzzsprout.com/1181414/11319019-cybersecurity-in-today-s-learning-environments-what-school-leaders-must-know-and-do
Public

Cyber Safety: Seven Security Steps Teachers, Students & Families Can Protect Themselves CoSN
https://www.cosn.org/tools-and-resources/resource/cyber-safety-seven-security-steps-teachers-students-families-can-protect-themselves/
Member

Cyber Safety Social Media Messaging Campaign CoSN
https://www.cosn.org/tools-and-resources/resource/cyber-safety-social-media-messaging-campaign/
Public

Tips on Cybersecurity Awareness & Training CoSN
https://www.cosn.org/tips-on-cybersecurity-awareness-training/
Public

A Parent’s Guide for Understanding K-12 School Data Breaches US DOE
https://studentprivacy.ed.gov/resources/parent%E2%80%99s-guide-understanding-k-12-school-data-breaches
Public

Tabletop Exercise - Backdoors and Breaches and How-to Black Hills Info Security
https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/
Public

Tabletop Exercise - Backdoors and Breaches (Online Version) Black Hills Info Security
https://play.backdoorsandbreaches.com/
Public

Year-Long Campaign for Cybersecurity Awareness Blog CoSN
https://www.cosn.org/year-long-campaign-for-cybersecurity-awareness/
Public

*Users must be logged in to see member content.

Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information

Platform Security: The hardware, software (e.g., firmware, operating systems, applications), and services of physical and virtual platforms are managed consistent with the organization’s risk strategy to protect their confidentiality, integrity, and availability

Technology Infrastructure Resilience: Security architectures are managed with the organization’s risk strategy to protect asset confidentiality, integrity, and availability, and organizational resilience

Defending Against Software Supply Chain Attacks CISA
https://www.cisa.gov/resources-tools/resources/defending-against-software-supply-chain-attacks-0
Public

Three Things You Can Do in Less Than Three Hours of Work to Significantly Reduce Cybersecurity Risk CoSN
https://www.cosn.org/3-things-you-can-do-in-less-than-3-hours-of-work-to-significantly-reduce-cybersecurity-risk/
Public

AI & Cybersecurity: What You Need to Know Webinar Recording CoSN
https://www.cosn.org/tools-and-resources/resource/ai-cybersecurity-what-you-need-to-know-webinar-recording/
Member Exclusive

*Users must be logged in to see Member Exclusive resources.

Detect

Continuous Monitoring: Assets are monitored to find anomalies, indicators of compromise, and other potentially adverse events

Adverse Event Analysis: Anomalies, indicators of compromise, and other potentially adverse events are analyzed to characterize the events and detect cybersecurity incidents

Respond

Response Planning: Incident Management (RS.MA): Responses to detected cybersecurity incidents are managed

Building a Learning Continuity Plan CoSN
https://www.cosn.org/tools-and-resources/resource/learning-continuity-planning/
Public

Understanding and Responding to SaaS Vendor Cybersecurity Incidents CoSN
https://www.cosn.org/understanding-and-responding-to-saas-vendor-cybersecurity-incidents/
Public

Disaster Preparation: Building Your Disaster Recovery “GO KIT”CoSN
https://www.cosn.org/tools-and-resources/resource/distaster-preparation-building-your-disaster-recovery-go-kit/
Member

Lessons Learned from a Cyber Incident Part 1: The Incident & The Aftermath Blog CoSN
https://www.cosn.org/lessons-learned-from-a-cyber-incident-part-1-the-incident-the-aftermath/
Public

Lessons Learned from a Cyber Incident Part 2: Common Questions and Lessons Blog CoSN
https://www.cosn.org/lessons-learned-from-a-cyber-incident-part-2-common-questions-and-lessons/
Public

Readiness and Emergency Management for Schools Technical Assistance Center: Cybersecurity and Cyber Safety US DOE
https://rems.ed.gov/
Public

Cybersecurity Considerations for K-12 Schools and School Districts US DOE
https://rems.ed.gov/docs/Cybersecurity_K-12_Fact_Sheet_508C.PDF
Public

Ransomware Response Check list CISA
https://www.cisa.gov/stopransomware/ive-been-hit-ransomware
Public

"NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide for Federal Information Systems" NIST
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf
Public

Computer Security Threat Response Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Computer-Security-Threat-Response-Policy.docx
Public

Cyber Incident Response Standard CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Cyber-Incident-Response-Standard.docx
Public

Incident Response Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Incident-Response-Policy.docx
Public

Planning Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Planning-Policy.docx
Public

FEMA Incident Response Training FEMA
https://training.fema.gov/is/
Public

*Users must be logged in to see member resources.

Incident Analysis (RS.AN): Investigations are conducted to ensure effective response and support forensics and recovery activities

Guide to Integrating Forensic Techniques into Incident Response NIST
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-86.pdf
Public

Guidelines on Mobile Device Forensics NIST
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-101r1.pdf
Public

"Computer Security Threat Response Policy" CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Computer-Security-Threat-Response-Policy.docx
Public

Cyber Incident Response Standard CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Cyber-Incident-Response-Standard.docx
Public

Incident Response Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Incident-Response-Policy.docx
Public

Incident Response Reporting and Communication (RS.CO): Response activities are coordinated with internal and external stakeholders as required by laws, regulations, or policies

Guide to Cyber Threat Information Sharing NIST
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-150.pdf
Public

Computer Security Threat Response Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Computer-Security-Threat-Response-Policy.docx
Public

Cyber Incident Response Standard CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Cyber-Incident-Response-Standard.docx
Public

Incident Response Policy CIS MS-ISAC
https://www.cisecurity.org/wp-content/uploads/2020/06/Incident-Response-Policy.docx
Public

Mitigation (RS.MI): Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident

Recover

Incident Recovery Plan Execution (RC.RP): Restoration activities are performed to ensure operational availability of systems and services affected by cybersecurity incidents

Guide for Cybersecurity Event Recovery NIST
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf
Public

Conducting an After Action Review (AAR) After a Cybersecurity Incident CoSN
https://www.cosn.org/tools-and-resources/resource/conducting-an-after-action-review-aar-after-a-cybersecurity-incident-member-exclusive/
Member Exclusive

Monthly Webinars including Tabletop Exercise TX-ISAO
https://dir.texas.gov/information-security/tx-isao
Public

Incident Response and Awareness Training FedVTE
https://www.cisa.gov/resources-tools/training/incident-response-and-awareness-training
Public

CISA Tabletop Exercise Packages CISA
https://www.cisa.gov/resources-tools/services/cisa-tabletop-exercise-packages
Public

Data Breach or PII Exposure Exercises TEA
https://www.texasgateway.org/resource/cybersecurity-tips-and-tools
Public

Texas DIR Incident Response Team Redbook Template Texas DIR
https://dir.texas.gov/resource-library-item/texas-dir-incident-response-team-redbook-template
Public

Cybersecurity Tabletop Exercises WA.gov
https://cybersecurity.wa.gov/tabletop-exercises
Public

Secure Tomorrow Series Toolkit CISA
https://www.cisa.gov/secure-tomorrow-series-toolkit
Public

Ransomware Response Exercises for Executives IANS Research
https://www.iansresearch.com/resources/all-blogs/post/security-blog/2021/10/28/ransomware-response-exercises-for-executives
Public

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities (NIST 800-84) NIST
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-84.pdf
Public

IT Business Continuity Audit Program ISACA
https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KoEfEAK
Member

After-Action Report/Improvement Plan CISA
https://www.cisa.gov/sites/default/files/publications/8%20-%20CTEP%20AAR-IP%20Template%20%282020%29%20FINAL_508.pdf
Public

Incident Recovery Communication (RC.CO): Restoration activities are coordinated with internal and external parties

CoSN Resources: https://www.cosn.org/edtech-topics/cybersecurity/
Cybersecurity Planning : Cybersecurity Prevention & Preparation : Cybersecurity Implementation : Cybersecurity Response

CC BY-NC-ND

This license enables reusers to copy and distribute the material in any medium or format in unadapted form only, for noncommercial purposes only, and only so long as attribution is given to the creator. CC BY-NC-ND includes the following elements:

cc by nc nd expanded

CoSN’s NIST Cybersecurity Framework Resources Alignment for K-12

CoSN's NIST Cybersecurity Framework Resources Alignment for K-12
developed by the CoSN Cybersecurity Committee
led by Project Director, Amy McLaughlin, amclaughlin@cosn.org

Govern

Identify

Protect

Detect

Respond

Recover

CC BY-NC-ND

Join CoSN

Contact Information

Payment Remittance Address

Office

Main Number

CoSN ByLaws

Special Requests

Improving Accessibility

CoSN’s NIST Cybersecurity Framework Resources Alignment for K-12

CoSN's NIST Cybersecurity Framework Resources Alignment for K-12 developed by the CoSN Cybersecurity Committee led by Project Director, Amy McLaughlin, amclaughlin@cosn.org

Govern

Identify

Protect

Detect

Respond

Recover

CC BY-NC-ND

Join CoSN

Contact Information

Payment Remittance Address

Office

Main Number

CoSN ByLaws

Special Requests

Improving Accessibility

CoSN's NIST Cybersecurity Framework Resources Alignment for K-12
developed by the CoSN Cybersecurity Committee
led by Project Director, Amy McLaughlin, amclaughlin@cosn.org