1. Home
  2. Academics
  3. Learning Support
  4. Technology Planning

K-12 Cybersecurity Initiative FAQs

This page contains frequently asked questions about the K-12 Cybersecurity Initiative.

Questions

  1. If a school system qualifies for the program and chooses to buy extra endpoints with their own budget, are they allowed to do that, and if so, are they under the same console?
  2. Is the TX K-12 Cybersecurity Initiative mandatory for school systems?
  3. Will the school system be able to make their own changes to the admin console or would they have to go through DIR Managed Service Provider (MSP) to remediate false positives or change configurations?
  4. Do Inter-Local Contracts (ILCs) with DIR expire? Do I need to sign a new ILC every year?
  5. How can I check my school's ILC status?
  6. What type of schools are eligible for the K-12 Cybersecurity Initiative? 
  7. What if the school system signs up but then decides not to use the service?
  8. Will the school system get to choose which EDR service they use? What are the options?
  9. Will the funding cover an existing EDR?
  10. How long will this program be funded for?
  11. Would EDR replace my existing traditional anti-virus?
  12. What happens after the 2-year funding period?
  13. What happens if funds are not renewed?
  14. Is there a maximum size for participation?
  15. Are charter schools eligible?
  16. Would school systems with student enrollment above 50K get any discounts or offers with this initiative?
  17. Is EDR only for servers, central office/admin and teaching staff?
  18. Is there a minimum number of licenses for smaller school systems that have a higher staff to student ratio?
  19. Why are school systems having to approve and accept financial billing verbiage in the Inter-Local Contract?
  20. Will State Government have access to my EDR data?
  21. What if my school system has an EDR solution but it is not managed. Can we have MSS MSP manage the alerts?
  22. Is the NDR pilot program on pause for new participants?

Answers

If a school system qualifies for the program and chooses to buy extra endpoints with their own budget, are they allowed to do that, and if so, are they under the same console?

Yes, there will need to be two separate demands when requesting the service in the portal. One demand will direct billing to ÁñÁ«ÊÓÆÁ, the other to the school system. Any school system will be able to purchase via the DIR-MSS program. The school system will get the same service and pricing as ÁñÁ«ÊÓÆÁ and the rest of the MSS participants. school systems will be billed on a monthly basis for services purchased through the MSS.

Is the TX K-12 Cybersecurity Initiative mandatory for school systems?

Leveraging resources provided by the TX K-12 Cybersecurity Initiative is not required, however in order to reduce risk of data loss and availability of school system data, it is strongly encouraged for all school systems to prioritize implementing the following cybersecurity controls:

  • Implement fully managed Endpoint Detection and Response (EDR) on school system servers and applicable staff devices.
  • Implement Multi-Factor Authentication (MFA) on staff email systems.
  • Implement email protocol security configurations (DMARK/DKIM/SPF).
  • Restrict local admin access.

Will the school system be able to make their own changes to the admin console or would they have to go through DIR Managed Service Provider (MSP) to remediate false positives or change configurations?

With the Shared EDR managed service, each school system will be able to work with DIR's MSP to make configuration changes to the EDR admin console, and school systems will have access to a read-only EDR dashboard. If school systems purchase the Dedicated EDR option, school systems will be able to modify EDR administrative configurations, however, the school system will be fully responsible for the operation and maintenance of the EDR administrative console and endpoints. The dedicated option will only manage the alerting coming from the EDR service. 

Do Inter-Local Contracts (ILCs) with DIR expire? Do I need to sign a new ILC every year?  

ILCs do not expire. The ILC will remain in place unless you request it to be revoked. 

How can I check my school's ILC status?

Please send an email to k12cyber@tea.texas.gov and ÁñÁ«ÊÓÆÁ can verify if your school system has completed the ILC. 

What type of schools are eligible for the K-12 Cybersecurity Initiative? 

The K-12 Cybersecurity Initiative is available to districts and charter schools. Private schools are not eligible. A complete list of eligible school systems can be found on AskTED at

What if the school system signs up but then decides not to use the service?

Completing the Interlocal Contract (ILC) process does not obligate a school system to request services. Once an ILC is on file, the school system may request services at any time when ready. If the school system has requested MSS services, those services can be canceled at any time by submitting a cancelation request through the STS Portal. 

Will the school system get to choose which EDR service they use? What are the options?

Yes, the school system will make their own decision as to which option on the MSS they are requesting. The current EDR options under MSS are:

  1. SentinelOne or Crowdstrike as the vendor.
  2. Shared or Dedicated Console Access. Both options include 24/7 monitoring and configuration support.
  3. Dedicated Managed Consoles are available from both vendors for school systems that have purchased additional modules from the MSS EDR vendor.  

Will the funding cover an existing EDR?

The Cybersecurity Initiative funding will only cover EDR licenses through the DIR MSS program if you currently use one of the EDR vendors available from DIR MSS and you meet the student enrollment requirements, please work with your vendor and DIR to migrate your license to the MSS program.

How long will this program be funded for?

Texas legislative leadership has consistently supported these critical initiatives by incorporating the program into ÁñÁ«ÊÓÆÁ’s ongoing budget. As with all ÁñÁ«ÊÓÆÁ funding, legislative approval is required every two years during the regular session. Once school systems are enrolled in the EDR service and licenses have been allocated, funding for EDR will continue as part of ÁñÁ«ÊÓÆÁ’s budget cycle. Additional K-12 Cybersecurity Initiative services may be added or discontinued based on available funding and legislative priorities.  â€¯    

Would EDR replace my existing traditional anti-virus?

Yes. Both SentinelOne and CrowdStrike include Next-Generation Antivirus (NGAV) capabilities as part of their endpoint protection platforms. These NGAV features go beyond traditional antivirus by using AI, machine learning, and behavioral analysis to detect and prevent both known and unknown threats, including ransomware and fileless attacks. 

What happens after the 2-year funding period?

The funding for the K-12 Cybersecurity Initiative was originally requested as an exception item to ÁñÁ«ÊÓÆÁ’s appropriations.  However, once the exception item was approved, it was moved into ÁñÁ«ÊÓÆÁ’s ongoing appropriations bill pattern (i.e. part of the regular budget), which provides a strong foundation for stability and continuity.  The best way to help ensure continued legislative support is by actively participating in the program and utilizing the available services. 

What happens if funds are not renewed?

If the Texas Legislature decides to discontinue funding for the initiative, school systems will be provided with sufficient time to determine whether they wish to continue the services independently or discontinue them. Should a school system choose to continue, the associated costs would be their responsibility. Adequate notice will be given to ensure school systems have time to make informed decisions. Schools have the option to cancel the service at any time.  

Is there a maximum size for participation?

All school systems are eligible for:

  • ESC assistance with cybersecurity initiatives
  • Texas Cybersecurity Framework (TCF) assessments. 

EDR Eligibility: School systems with 50,000 student enrollment or less are eligible for EDR. 
This will allow us to potentially provide EDR services to 98% of our school systems. 

Are charter schools eligible?

Yes, Charter schools are considered a Local Education Agency (LEA) and are eligible for the program.

Would school systems with student enrollment above 50K get any discounts or offers with this initiative?

School systems with over 50K enrollment will not initially be eligible for receiving EDR licenses through the program. However, these school systems may leverage all the other resources, to include technical assistance, provided by the K-12 Cybersecurity Initiative. Changes to the EDR license limitation are subject to change to meet the goals of the initiative, so please stay informed via the Cybersecurity Coordinator Forums and official ÁñÁ«ÊÓÆÁ communications.

Is EDR only for servers, central office/admin, and teaching staff?

The guidance for deployment with your available licenses is to focus on higher-risk and impact devices first. ÁñÁ«ÊÓÆÁ recommends starting with servers first, then central office staff with elevated privileges and access to financial or sensitive information. Finally, any remaining licenses could be used by teaching staff according to risk level.

Is there a minimum number of licenses for smaller school systems that have a higher staff-to-student ratio?

To accommodate smaller school systems that have varying staff to student ratios, we are allowing a minimum of 30 licenses for any LEA below an enrollment of 100.

Why are school Systems having to approve and accept financial billing verbiage in the Inter-Local Contract?

There are no costs to your school system for the  K-12 Cybersecurity initiatives – they will be fully funded by ÁñÁ«ÊÓÆÁ. If you intend to only utilize the ÁñÁ«ÊÓÆÁ funded services (EDR, Assessments, etc.), you can forgo the financial section of the Inter-Local Contract (ILC). Signing the Inter-Local Contract (ILC) does not commit you to any purchases or any costs. It just provides the framework for you to make a purchase when you are ready and able to pay the corresponding costs.

There are other MSS services on the State plan that could incur a cost but they would be handled through a separate request and you would have the ability to review and approve those costs before any services were implemented. (Ex; If your LEA wanted to purchase a SIEM or Firewall)

Signing the InterLocal Contract (ILC) does not commit you to any purchases or any costs. It just provides the framework for you to make a purchase when you are ready and able to pay the corresponding costs.

Will State Government have access to my EDR data?

The Managed Security Provider will have access to EDR logs for monitoring purposes only. The State cybersecurity operations center will have access to the metadata of the logs for monitoring and filtering as well. ÁñÁ«ÊÓÆÁ and ESCs will not have access to any EDR logs, but will receive aggregated metrics.

What if my school system has an EDR solution but it is not managed? Can we have MSS MSP manage the alerts?

Yes. If the school system is using SentinelOne or CrowdStrike, then the school system can move into the EDR Service. If the school system's EDR console is not currently in the GovCloud, a reinstall of agents may be required. The EDR Service is fully managed by the MSS vendor.

If the school system uses another vendor, SAIC can monitor and alert on those events (if the school system sends them to SAIC via the SOC Services), but SAIC cannot manage a different vendor solution. If school systems has extra modules for S1 or CS, the school system could use the ÁñÁ«ÊÓÆÁ funding for the EDR licenses under MSS Custom EDR.

The school system would have to pay the vendor directly (separately) for the extra modules.

Is the NDR pilot program on pause for new participants?

Yes, enrollment in the NDR pilot is closed while we evaluate the current participation and the available funding.

  Print
Contact Information

For more information contact:

Texas Department of Information Resources CISO Office at DIRSecurity@dir.texas.gov

ÁñÁ«ÊÓÆÁ K12 Cybersecurity Team k12cyber@tea.texas.gov