The K12 SIX Technical Working Group is pleased to release the 2024-25 updates to its popular ‘K12 SIX Essential Cybersecurity Protections’ series of products.

Developed by K-12 IT practitioners, for K-12 IT practitioners—and aligned to cybersecurity risk management best practices—the K12 SIX Essentials series establishes baseline cybersecurity standards for U.S. school systems and provides guidance and tools to support their implementation. K12 SIX-recommended practices are designed to defend against the most common cyber threats facing school districts.

In an effort to maximize the benefit of the FCC's new Schools and Libraries Cybersecurity Pilot Program, K12 SIX members collaborated to identify and assess a wide array of potentially eligible commercial cybersecurity activities and solutions that may significantly reduce cybersecurity risks commonly facing school systems. The guidance, "FCC Schools and Libraries Cybersecurity Pilot Program: Advice for K-12 Applicants on Maximizing the Impact," is designed to spur ideas about how school systems of varying cybersecurity maturities and capacity can take best advantage of this pilot funding opportunity.

K12 SIX is pleased to announce the availability of the Call for Speakers and Registration for the 3rd Annual National K-12 Cybersecurity Leadership Conference to be held February 24-26, 2025 in San Diego, CA.

Previously released as a member-only resource, K12 SIX is pleased to make available to the wider K-12 community new guidance entitled, “Mitigating Compromised K-12 Google Workspace/Microsoft 365 for Education Accounts.”

When K-12 user accounts are compromised, it takes more than a password reset to ensure the ongoing security and privacy of your school system’s data and IT systems. Developed by K-12 IT practitioners for K-12 practitioners, this checklist and accompanying guidance can help direct your response.

On May 8, 2024, the K12 Security Information eXchange (K12 SIX) submitted comments in response to the publication of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) Notice of Proposed Rulemaking. The proposed regulation would institute federal cyber incident reporting requirements on the K-12 sector for the first time.

In short, K12 SIX is supportive of the aims of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) and views the proposed regulations as enabling foundational information infrastructure for national civil cyber defense. In submitted comments, K12 SIX offered feedback on issues with CIRCIA implementation specific to the K-12 education facilities critical infrastructure subsector.

The K12 SIX Technical Working Group is pleased to open a call for public input into the fourth annual update and revision to the K12 SIX Essential Cybersecurity Protections Series. The goal of the series is to communicate the most important defenses that K-12 school systems can implement to dramatically reduce the cybersecurity risks they are facing. Entering its fourth annual update and revision cycle, it is an opinionated framework, emphasizing accessibility and pragmatism over comprehensiveness.

On March 28, 2024, the U.S. Department of Education—in coordination with the Cybersecurity and Infrastructure Security Agency (CISA)—held the kickoff meeting of the Education Facilities Subsector Government Coordinating Council (GCC), designed to facilitate formal, ongoing collaboration between all levels of government and the education sector on issues of K-12 cybersecurity risk management. The launch of the GCC marks an inflection point for the K-12 education sector, bringing it on par with other critical infrastructure sectors and subsectors that have previously established such stakeholder councils.

K12 Security Information eXchange (K12 SIX) is pleased to welcome ThreatDown, powered by Malwarebytes, as a partner in its efforts to advance the cybersecurity of K-12 education institutions in the United States.

Malwarebytes, a global provider of real-time cyber protection, offers ThreatDown solutions that combine award-winning endpoint security, threat surface reduction and 24/7 managed services to support K-12 districts and schools defending against today’s modern threats. Purpose-built to be easy to use for K-12, ThreatDown solutions can take down cybersecurity threats, complexity, and costs.

K12 SIX has submitted comments in response to the FCC's NPRM on the "Schools and Libraries Cybersecurity Pilot Program." In our comments, K12 SIX makes three broad points about the proposed pilot program: (1) the proposed pilot program will be successful only to the degree it builds upon foundational K-12 cybersecurity risk management practices designed to address systemic weaknesses in the sector; (2) the goals of the proposed pilot program must recognize the unique context in which it will operate and support comprehensive long-term improvements in close consultation with ED and CISA; and (3) the proposed pilot program is likely too small and too slow to make a difference given the scope of challenges facing the K-12 sector. 

In observance of Cybersecurity Awareness Month, the K12 Security Information eXchange (K12 SIX) is pleased to publicly release the 2023 – 2024 school year updates to its Essential Cybersecurity Protections series. Developed by K-12 IT practitioners, for K-12 IT practitioners—and aligned to cybersecurity risk management best practices—the K12 SIX Essential Cybersecurity Protections series establishes baseline cybersecurity standards for U.S. school districts and provides guidance and tools to support their implementation.

In collaboration with the K12 Security Information eXchange (K12 SIX), SETDA recently announced the release of a cybersecurity resource focused on small, rural, and under-resourced districts: “Small Districts, Big Hurdles: Cybersecurity Support for Small, Rural, and Under-resourced Districts.” The publication offers details on how state agencies and other support organizations are empowering their smallest districts to secure their data and networks.

K12 SIX is pleased to announce the opening of the 2024 National K-12 Cybersecurity Leadership Conference call for speakers. Specifically, we are seeking proposals for individual and panel presentations (45 minute sessions), as well as hands-on workshops (from 90-105 minutes in length) that speak directly to the needs and experiences of practicing K-12 leaders and practitioners. The call for speakers will remain open through October 31, 2023.

On the heels of last week’s K-12 cybersecurity event at the White House, K12 SIX partnered with AASA, the School Superintendents Association, on a cyber fact sheet compiling the array of new K-12-specific cybersecurity announcements and resources. Linked resources come from the U.S. Department of Education, the Cybersecurity and Infrastructure Security Agency (CISA), and various private sources.

The K12 Security Information eXchange (K12 SIX), the nation’s K-12 education information sharing and analysis center, applauds the availability of new education-focused federal and private sector cybersecurity resources being made available for the start of the new school year.

The K12 SIX Essential Cybersecurity Protections Series establishes actionable baseline cybersecurity standards for U.S. school districts and provides guidance and tools to support their implementation. As part of the process of making 2023-2024 school year updates and enhancements to the series, K12 SIX is also pleased to announce an open call for feedback and input.

K12 SIX is pleased to announce the release of Version 1.2 of the K12 SIX Essential K-12 Cybersecurity Protections for the 2022-23 School Year: Implementation Standards. This is a minor revision that adds alignments to Version 1.01 of the Cybersecurity and Infrastructure Security Agency’s Cross-Sector Cybersecurity Performance Goals (CPGs).

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has appointed K12 SIX Director Doug Levin to a two-year term on its Cybersecurity Advisory Committee (CSAC). In this role, Levin will advise on the unique cybersecurity needs and threats impacting the U.S. K-12 education sector and lend his expertise to guide policy and programs to support “target-rich, cyber-poor” entities across the nation.

K12 SIX is pleased to announce the release of Version 1.1 of the K12 SIX Essential K-12 Cybersecurity Protections for the 2022-23 School Year: Implementation Standards. This is a minor revision that adds alignments to the recently released Cybersecurity and Infrastructure Security Agency’s Cross-Sector Cybersecurity Performance Goals (CPGs) alongside existing alignments to the NIST CSF v1.1 and the CIS Controls v8.