MSIP 6 Standards

MOREnet is providing this information and guidance, in consultation with the Department of Elementary and Secondary Education (DESE), to assist districts and charters with successful alignment to Standard L10 in the Missouri School Improvement Program (MSIP) 6 Standards. MOREnet originally provided guidance in 2022 with a list of security controls. Recently, MOREnet reviewed and updated the recommended controls, and consulted again with DESE.

To successfully meet the Missouri School Improvement Program (MSIP) 6 Standard L10, school districts are required to document their plans to implement an information security program. At a minimum, this program should include the following ten best practices.

  1. Inventory and control of hardware and software assets connected to the infrastructure physically, virtually, remotely, and within cloud environments.
  2. Implement secure authentication, including:
    • Multifactor authentication for all administrator, privileged, remote access and single-sign-on accounts
    • 15+ character passwords for accounts where MFA is not an option
  3. Develop and document a process for backups**, including:
    • Offsite and immutable or offline backups
    • Testing restore processes of critical data
  4. Implement an ongoing cybersecurity awareness program** that includes:
    • Simulated phishing campaigns
    • Social engineering training
    • Internally reporting cyber events
  5. Utilize a baseline secure configuration for all managed devices, including:
    • Endpoint detection and response software
    • Remove or rename default device admin accounts; utilize unique passwords for each device
    • Remove local admin rights for all user accounts
    • Device encryption
    • Screen lock
    • Remove unnecessary software and services
  6. Create audited, written plans for vulnerability management and for patching hardware and software.
  7. Establish a process for granting, revoking and auditing access to network resources and data, with access granted strictly on a need-to-know basis required to perform job responsibilities.
  8. Develop a written disaster recovery/incident response plan. Test and update annually.
  9. Monitor logs for critical hosted systems, including the identity management system, firewall, and hosted/managed servers.
  10. Establish and communicate policies and procedures for collecting, creating, storing, protecting and maintaining the privacy of sensitive data through all data lifecycle stages (e.g., Missouri Student Privacy Alliance (MOSPA), Student Data Privacy Consortium (SDPC)).

MSIP 6 Standard

School Safety L10 – The school system actively addresses school safety and security in all facilities  

E. The school system implements a cyber/privacy security plan, utilizing nationally accepted standards 

To successfully meet this standard, the school district must document its plans to implement cyber and privacy security measures. 

Standards and Frameworks Used

The following industry-accepted information security standards and frameworks were referenced in the creation of the recommendations:

  • National Institute of Standards and Technology (NIST) SP 800-63B 
  • NIST Cybersecurity Framework (CSF) 2.0 
  • Center for Internet Security (CIS) Critical Security Controls v8.1 

**MOREnet has discounted solution options to support your goals in this specific area; contact us at info@more.net for more information.