Education Law 2-d requires educational agencies to adopt a policy on data security and privacy that aligns with the state's data security and privacy standard. The Department adopted the National Institute for Standards and Technology Cybersecurity Framework (NIST CSF) as the standard for educational agencies. At the center of the framework is the Core, which is a set of activities and desired outcomes designed to help organizations manage data security and privacy risk. The Core is organized into functions, categories, and subcategories.

Clicking any of the functions in the framework below will take you to the work page for that function.