79-1341.

Cybersecurity products and services; program; funding; eligibility; allocation.

(1) The department shall, in coordination with the coordinating council and subject to available funding, develop and administer a program to provide funding for the purchase of cybersecurity products and services for use in schools and educational service units. The program shall be designed to:

(a) Address statewide and local cybersecurity priorities identified through readiness assessments;

(b) Encourage cost-effective purchasing through shared procurement models, public-private partnerships, and the leveraging of multiple funding streams; and

(c) Support both immediate cybersecurity needs and long-term cybersecurity capacity building.

(2) The program shall include:

(a) The process for application by and requirements for governing boards to obtain funding pursuant to the K-12 Education Cybersecurity Act, including deadlines for meeting the requirements to receive funding;

(b) The process of (i) application review and scoring by the Commissioner of Education, coordinating council director, and office and (ii) approval by the department. Scoring and review of applications shall include criteria that prioritizes higher-need applications or proposals that demonstrate regional collaboration;

(c) The creation of distribution methods and requirements for funding disbursement, including (i) the calculation of funding for each school and educational service unit pursuant to subdivision (3)(b)(i) of this section and (ii) how a school or educational service unit may receive or access funding, which may include via a consortium as provided in subdivision (2)(d) of this section or otherwise, as established in rules and regulations adopted and promulgated by the State Board of Education in consultation with the coordinating council and the office;

(d) The creation of consortiums for access to funding under the act, including, but not limited to, the eligibility requirements and process for a governing board to join a consortium. The program created pursuant to this section shall allow for the creation of as many consortiums as are necessary to facilitate compliance with the act and to incentivize shared purchasing agreements to maximize buying power;

(e) The requirement that governing boards complete an annual cybersecurity readiness assessment as provided in section 79-1342;

(f) The creation, in consultation with the office, of a list of approved cybersecurity products and services in a tiered system that (i) aligns with nationally recognized frameworks, (ii) includes cost-effective options for small or rural schools, and (iii) may be updated annually to reflect the emerging threats and technologies; and

(g) Braided funding approaches, allowing schools and educational service units to combine state funding under the K-12 Education Cybersecurity Act with federal grants, local resources, and private contributions, as long as such funding is used in compliance with the approved product and service list.

(3)(a) A governing board shall be eligible for funding pursuant to the K-12 Education Cybersecurity Act for use on approved cybersecurity products and services in an amount calculated by the Commissioner of Education pursuant to subdivision (b) of this subsection if such governing board (i) submits evidence that such governing board has completed the annual cybersecurity readiness assessment as provided in section 79-1342, (ii) submits evidence that such governing board has adopted a cybersecurity policy and cybersecurity framework consistent with the model policy and framework developed by the department pursuant to section 79-1342, and (iii) provides any other additional information required by the department to demonstrate alignment with the goals of the act.

(b)(i) The Commissioner of Education, in coordination with the coordinating council director, shall annually calculate the amount of funding each governing board may receive or access pursuant to the rules and regulations adopted and promulgated by the State Board of Education in consultation with the coordinating council. Funding allocations may be adjusted based on readiness assessment results, risk level, and demonstrated financial need.

(ii) The department shall use funds from the State Department of Education Improvement Grant Fund to carry out the K-12 Education Cybersecurity Act.