Ensure Readiness for the MSIP 6 Standard on Cybersecurity and Privacy

  • Published: Thursday, April 28, 2022

MOREnet is providing this information and guidance, in consultation with the Department of Elementary and Secondary Education (DESE), to assist districts and charters with successful alignment to Standard L10 in the Missouri School Improvement Program (MSIP) 6 Standards.

This information is also available on an easy-to-understand flier that can be printed and posted in your administrative offices.

MSIP 6 Standard

School Safety L10 - The school system actively addresses school safety and security in all facilities

E. The school system implements a cyber/privacy security plan, utilizing nationally accepted standards

To successfully meet this standard, the school district will document its plans to implement these Top 10 items, at a minimum.

The following industry-accepted information security frameworks were referenced in the creation of this document: NIST SP 800-53, NIST SP 800-171, NIST CSF, and CIS Controls.* The Top 10 items include:

  • Inventory and control of hardware and software assets connected to the infrastructure physically, virtually, remotely, and within cloud environments.
  • Implement complex password requirements.
    • 15-character length
    • Upper/lower case
    • Numbers
    • Special characters (!, *, %)
  • Document your plan toward implementing multi-factor authentication (MFA), requiring MFA for:
    • Employee email
    • Remote access
    • Privileged accounts or access
  • Develop and document a process for offsite and offline backups and testing restore processes of critical data.**
  • Implement an ongoing cybersecurity awareness program that includes simulated phishing campaigns.**
  • Deploy endpoint detection and protection (EDP) on all managed devices.
    • EDP will monitor and collect activity data, analyze, and automatically respond to identified threats or suspicious activity. Examples of endpoint detection and protection include such things as anti-virus software, malware detection software, enabled host firewall, etc.
  • Create an audited, written plan for patching hardware and software.
  • Remove local administrator rights for end users. Establish a policy of least privilege.
  • Develop a written Disaster Recovery/Incident Response Plan. Test and update on a regular basis.
  • Document a plan for protecting data privacy, e.g., Missouri Student Privacy Alliance (MOSPA), Student Data Privacy Consortium (SDPC).

*NIST: National Institute of Standards and Technology
NIST SP 800-53: Security and Privacy Controls for Information Systems and Organizations
NIST SP 800-171: Outlines required security standards and practices for organizations that handle controlled unclassified information (CUI) on their networks
NIST CSF: Cybersecurity Framework
CIS: Center for Internet Security

** MOREnet has discounted solution options to support your goals in this specific area. Contact us at [email protected] for more information.