Skip to main content
NC School Connectivity Initiative

PSU Cybersecurity Program Plan

Approach

The Cybersecurity Program Plan is a comprehensive documented strategy that defines how PSUs can implement strong cyber hygiene.  This plan integrates the Why, What, and How of NCDPI’s cybersecurity approach, tailoring it to the PSU’s specific people, processes, and technology.  This plan captures details of the significant cybersecurity efforts the PSU has undertaken, along with PSU implementation details of the applicable NCDPI K-12 Cybersecurity Program Services and Resources.

Model

More specifically, this cybersecurity program plan is heavily centered around two key elements from the NCDPI K-12 Cybersecurity Program Model of Cybersecurity for PSUs: Assets and Controls. In this model, PSUs have many assets they value and are critical for safe and secure school operations. Unfortunately, most assets have inherent vulnerabilities that threat actors wish to take advantage of by launching a variety of attacks that increases risk to PSUs. PSUs deploy layers of cybersecurity controls to reduce that risk to these assets. The protection of PSU assets is at the center of the cybersecurity model, our program, and this plan.

Assets

To promote a structured and efficient way to implement cybersecurity within a PSU, our Cybersecurity Program Plan is organized by the different asset types in this PSU, specifically by asset classes/types as defined in the CIS Controls: Devices, Software, Data, Users, Network, and Documentation.

Controls

For each asset class, PSUs outline applicable Controls and Safeguards from the Center for Internet Security Controls (CIS Controls) and the specific countermeasures our PSU implements to protect that asset. At a minimum, this plan documents our PSU’s approach to securing its assets by focusing on the 95 recommended CIS Control Safeguards selected by the NCDPI K-12 Cybersecurity Program. This subset of CIS Control Safeguards is called NC K-12 CORE Safeguards** and are security best practices that form the building blocks of a reasonable cybersecurity program for PSUs.

Summary

Overall, this plan framework translates PSUs cybersecurity strategy into actionable processes and practices to safeguard our PSU assets. Our PSU Cybersecurity Program Plan involves deploying a variety of technical controls and safeguards alongside establishing security policies and procedures to prevent and respond to cyber threats. In addition, we track our PSU implementation status and document a description of how the safeguard is met.

Resources

**Remember, you must be a member of the K-12 Cybersecurity Community Mailing list to access the PSU Cybersecurity Program Plan and other supporting materials.**
Subscribe here:   https://go.ncdpi.gov/NCK12CyberCommunityList

PSU Cybersecurity Program Plan
https://go.ncdpi.gov/PSU-Cybersecurity-Plan
(Google Force Copy Link)

https://go.ncdpi.gov/Cybersecurity-Plan-Form
(Google Form Plan Generation and Autofill)