Strategy Goals and Alignments
The NCDPI K-12 Cybersecurity Program strives to ensure essential cybersecurity hygiene of PSUs in North Carolina by providing several services and resources for PSU use at no cost.
These services aim to provide critical resources to PSUs and, in turn, also check off various compliance requirements for several mainstream cybersecurity standards and frameworks.
CIS Critical Security Controls
Since the inception of the K-12 Cybersecurity Program, NCDPI has leveraged the Center for Internet Security (CIS) Critical Security Controls as a guide for specific and actionable ways to thwart the most common attacks, with the goal of supporting PSUs in achieving the CIS Implementation Group 1 (IG1) level. PSUs are, however, encouraged to strive for the further IG2 and IG3 levels. The CIS Controls are a relatively short list of high-priority, effective defensive actions that provide a starting point for enterprises seeking to improve their cyber defense.
NIST Cybersecurity Framework (CSF)
The K-12 Cybersecurity Program also aims to align its major strategy and design with the core functions of the NIST Cybersecurity Framework (CSF), which released its 2.0 version in February 2024. The framework describes 6 Core Functions:
- Govern
- Identify
- Protect
- Detect
- Respond
- Recover
Each core function has several categories and subcategories further describing the expectations surrounding their implementations. The NIST CSF concepts are strongly influential in the K-12 Program’s Incident Response materials.
NIST 800-53
The NIST 800-53 framework is aimed towards federal agencies and contractors to assist them in meeting the requirements of the Federal Information Security Management Act (FISMA). However, the various control families and controls within them assist in shaping standards within the K-12 Cybersecurity Program as well. Specifically, the NCDPI Third Party Data Integration process is aligned with the NIST 800-53 framework.