Presented by DataServ at OASBO’s 69th Annual Conference & Expo 2025

Every student deserves a safe and engaging learning environment. At DataServ, we believe schools should be free to focus on teaching and learning—without the constant burden of cybersecurity threats. This resource page recaps the key points from our OASBO presentation, providing guidance and clarity for K-12 leaders navigating Ohio’s cybersecurity expectations and the NIST Cybersecurity Framework (CSF).

Why Cybersecurity Matters More Than Ever

Cyberattacks on schools are increasing, and districts face rising pressure to:

• Comply with emerging legislation like Ohio Revised Code 9.64

• Meet cyber insurance requirements

• Protect sensitive data and IT infrastructure

New Ohio Legislation: What You Need to Know

Ohio’s Revised Code 9.64 outlines key requirements for K-12 cybersecurity programs:

• Must be based on nationally recognized frameworks (e.g., NIST CSF)

• Require clear processes for risk assessment, threat detection, incident response, and communication

• Include mandatory employee training and compliance with data protection laws

The Safe Harbor Law further reinforces that districts demonstrating alignment with these frameworks may receive legal protections in the event of a breach.

The NIST Cybersecurity Framework: Simplified for K-12

The NIST CSF 2.0, updated in 2024, provides a flexible, risk-based approach to cybersecurity through five core functions:

1. Identify

Understand what needs protection:

• Inventory devices, applications, and data

• Define roles and responsibilities

• Assess risk (including third-party vendors)

2. Protect

Safeguard your systems and information:

• Implement identity and access controls

• Conduct employee training

• Use firewalls, endpoint protection, and encryption

3. Detect

Catch threats before they cause damage:

• Monitor for anomalies and suspicious activity

• Use automated detection tools

• Define clear investigation procedures

4. Respond

Minimize the impact of incidents:

• Maintain a response plan

• Communicate with stakeholders

• Investigate and document root causes

• Learn and improve from every incident

5. Recover

Bounce back quickly and stronger:

• Develop a recovery and continuity plan

• Test backups and restore data safely

• Update processes based on lessons learned

Govern (Cross-cutting Function)

Embed cybersecurity into strategic decision-making:

• Align with district goals

• Manage risk across departments and vendors

• Formalize processes, communication, and documentation

Getting Started: Assessment is Key

Not sure where to begin? Start with a cybersecurity assessment to identify gaps and understand your current maturity level. Whether you’re at the beginning of your journey or refining advanced protections, knowing your baseline is the first step toward a resilient cyber strategy.

Key Takeaway: Cybersecurity Is Everyone’s Job

It’s not just about tech. Effective cybersecurity includes:

• People: Awareness, training, role clarity, and exercises (e.g., phishing simulations)

• Processes: Clear procedures, governance, and accountability

• Technology: Layered protections tailored to your district’s needs

Want Help Navigating Your Journey?

Whether you’re just getting started or need support implementing a full NIST-aligned strategy, DataServ is here to help. Our team supports:

• 200+ districts

• 15,000+ access points

• 17,000+ VoIP endpoints

• Over 200,000 students served daily

• And much more!

Fill out the form below and one of our tech experts will reach out to you!