Strategy

The North Carolina K-12 Cyber Objectives, Recommendations, and Essentials (NC K-12 CORE) is a comprehensive strategy aimed at enhancing the cybersecurity awareness, practices, and posture of PSUs across North Carolina. This approach incorporates cybersecurity and data privacy best practices from national frameworks while ensuring alignment with specific NC educational initiatives, ultimately fostering a secure digital teaching and learning environment for all K-12 stakeholders.

Cyber

Cybersecurity is the people, processes, and technologies leveraged in PSUs to ensure the confidentiality, integrity, availability, authentication, and accountability of their assets.

Objectives

To help PSUs achieve Strong Cyber Hygiene by organizing and aligning business and technical cybersecurity functions holistically across the state so that PSU and NCDPI stakeholders have greater visibility into the people, processes, and technologies deployed and have a measurable way to determine whether those efforts are sufficient and correct for current and future needs. The goals is to help PSUs to achieve Strong Cyber Hygiene!

Recommendations

Leveraging best practices from existing cybersecurity and education frameworks lets PSUs stand on proven, widely accepted guidance rather than starting from scratch, saving time and reducing risk. These frameworks provide a consistent language for governance, clarify prioritized controls, and help map technical, operational, and compliance requirements to specific actions. Applicable components from Common Criteria, NIST Cybersecurity Framework, CIS Critical Security Controls, NCDPI Digital Learning Plan, CoSN Trusted Learning Environment, NCDPI Achieving Educational Excellence Strategic Plan, and others are incorporated into the NCDPI K-12 Cybersecurity Programs operations and strategy.

The NCDPI K-12 Cybersecurity Program developed the
Model of Cybersecurity for PSUs as a visual representation and narrative of the key concepts and relationships across the cybersecurity landscape.
This model is based on Common Criteria Common Criteria for Information Technology Security Evaluation General Model.

Essentials

The essential cybersecurity actions and practices that every PSU must adopt to mitigate risks effectively to have strong cyber hygiene. The NCDPI K-12 Cybersecurity Program has selected a subset of the CIS Controls and Safeguards as the essential steps PSUs need to prevent, detect, and respond to the most common types of attacks. These are referred to at the NC K-12 CORE Safeguards. A detailed list of these safeguards are provided in our NC K-12 CORE Safeguards with Service Mappings reference document.

Approach

To execute this strategy, the K-12 Cybersecurity Program supports PSUs with a simple approach:

• Help PSUs understand why cybersecurity is important continuous learning of the cybersecurity fundamental concepts, threats, and risks (The Why)
• Provide a straightforward curated checklist of what PSUs need to do to have Strong Cyber Hygiene and protect their assets with the CIS Controls and Safeguards (The What)
• Deploy a rich set of no-cost statewide cybersecurity services and resources to support PSUs to achieve these goals (The How)

By formalizing the 4 components with our approach, the NC K‑12 CORE helps North Carolina PSUs create a proactive, comprehensive cybersecurity strategy that raises overall awareness of cybersecurity threats, provides a prioritized list of actions to mitigate those threats, offers services and resources to achieve goals. In addition, the strategy includes a PSU Cybersecurity Program Plan and PSU Cyber Hygiene Assessment Program to document, monitor, and assess progress.

This strategy not only improves the cybersecurity posture of North Carolina K‑12 educational organizations but also supports a secure digital learning space for students and teachers.