79-1342.

Model cybersecurity policy and cybersecurity framework; governing board, adopt policy; cybersecurity readiness assessment; use.

(1)(a) The department shall, in consultation with the coordinating council director and the office and subject to available funding, develop a model cybersecurity policy and cybersecurity framework based on nationally recognized best practices for kindergarten through twelfth grade education cybersecurity. Such policy and framework shall (i) define tiered levels of cybersecurity readiness, (ii) include criteria for determining risk levels and priority needs, and (iii) support alignment with both state and federal cybersecurity guidance.

(b) Each governing board shall adopt a policy consistent with the model policy and framework developed pursuant to subdivision (a) of this subsection in order to be eligible to receive funding pursuant to the K-12 Education Cybersecurity Act.

(2) The department shall, in consultation with the coordinating council director and the office and subject to available funding, purchase or develop a standardized cybersecurity readiness assessment for use by schools and educational service units. The assessment shall be used to (a) determine the school's readiness tier placement in the cybersecurity framework, (b) provide actionable recommendations for addressing identified vulnerabilities, (c) inform funding priorities, and (d) allow aggregation of statewide data to guide strategic planning and resource allocation.

(3) Each governing board shall annually complete the cybersecurity readiness assessment to be eligible for funding under the K-12 Education Cybersecurity Act. Such assessment shall be provided at no cost to each school and educational service unit, and results shall be used by the coordinating council to measure progress over time and inform continuous improvement efforts.