K-12 Cybersecurity Self-Assessment – The K-12 Cybersecurity Resource Center

K-12 Cybersecurity Self Assessment

Note: Please print or save your completed self-assessment report. It will not be saved.

Loading…

Frequently Asked Questions (FAQs)

Why was this self-assessment created? K-12 leaders need a functional assessment that is vendor-neutral, free, quick, useful, private, and anonymous. For more background, read ‘Introducing the K-12 Cybersecurity Self-Assessment‘ by April Mardock.
Is this self-assessment truly anonymous? While skepticism is warranted, the application does not log or collect information that could be used to identify a school district, the individual completing the questionnaire, IT systems used by a school district, or individuals associated with a district (including students or staff). Neither your individual responses nor your resulting report will be shared with any third party or permanently retained. No account is required to take the self-assessment, and the self-assessment must be completed in one browser session.
For items that ask about the presence of cybersecurity controls, when should I select the ‘partial’ response option? The ‘partial’ response option exists for situations when a control is either in process of being implemented or is only partially implemented (e.g., on some, but not all IT systems, or for a subset of a user group). In short, you should select this option when you cannot answer 100% yes to all of an items’s components, but have nonetheless made some progress. As a self-assessment, you alone are the best judge of when this may apply.
Why does this self-assessment give me different feedback than others my district has taken? This self-assessment is based on the NIST CSF, which is only one cybersecurity risk management framework. Other frameworks exist, each with different pros and cons for the K-12 use case. Moreover, this self-assessment is designed primarily to offer practical and actionable steps that school district IT leaders can take to reduce the cybersecurity risks they may be facing. It is not designed as a substitute for any other (potentially required) compliance testing and reporting with which your school district may have experience. Rather, it should be viewed as additive and any recommendations should be considered in light of your district’s specific context, needs, resources, and future plans.
How can I provide feedback or ask a question about this self-assessment? Feedback provided using this contact form will be directed to the appropriate parties.