🔒
FERPA
Family Educational Rights and Privacy Act
Protect student education records and prove access control, vendor agreements, audit logging, and breach notification procedures are in place.
Access Control, Audit Logging, Vendor DPAs, Data Retention, Breach Notification
🛡
CIPA
Children's Internet Protection Act
Maintain E-Rate funding eligibility by documenting content filtering, internet safety policies, student monitoring, and annual safety education.
Content Filtering, Safety Policy, Monitoring, BYOD Coverage, Student Education
⚡
NIST CSF 2.0
Cybersecurity Framework + NIST 800-171
Establish a cybersecurity posture across all six functions: Govern, Identify, Protect, Detect, Respond, and Recover — with optional 800-171 mapping.
Govern, Identify, Protect, Detect, Respond, Recover
🎓
IDEA / SPED
Individuals with Disabilities Education Act
Track IEP timelines, evaluation deadlines, parent rights, transition planning, and discipline procedures — with TEA audit prep mode built in.
IEP Timelines, 60-Day Eval Rule, Parent Rights, LRE Docs, CAP Tracker
⭐ New
⚕
HIPAA
Health Insurance Portability & Accountability Act
Privacy Rule, Security Rule, and Breach Notification Rule coverage for clinics, dental offices, therapists, school health, and any organization handling PHI.
Risk Analysis, Access Controls, BAA Management, Encryption, Breach Response
⭐ New
💳
PCI-DSS 4.0
Payment Card Industry Data Security Standard
All 12 PCI-DSS 4.0 requirements for any business that accepts credit cards — retail, restaurants, e-commerce, auto dealers, law firms, and nonprofits.
Network Security, Cardholder Data, MFA, Vulnerability Testing, Logging
💬
ESL / ELL
English Language Learner Program Compliance
Title III, LPAC requirements, parent notification, and TEA reporting for districts serving English Language Learner students.
HLS at Enrollment, LPAC Committee, TELPAS, Exit Criteria
♿
Section 504
Section 504 of the Rehabilitation Act
Identification, evaluation, plan development, and procedural safeguards for students with disabilities who don't qualify under IDEA.
504 Coordinator, Evaluation Process, Accommodations, Parent Rights
⭐
Gifted & Talented
Texas 19 TAC Chapter 89.2 G/T Compliance
Identification, annual nomination process, 30-hour teacher training, state allotment compliance, and PEIMS reporting for G/T programs.
Nomination Process, 30-Hr Training, PEIMS Reporting, Annual Review
📋
CAP
Corrective Action Plan Compliance
TEA monitoring findings, OCR complaint resolution, due process remediation, and post-closure sustainability tracking for districts under corrective action.
TEA Findings, OCR Complaints, Due Process, Root Cause
🔒
K12 SIX ECP
Essential Cybersecurity Protections
14-control framework built by K-12 IT practitioners. The most practical K-12 cybersecurity standard, covering network safety, access management, and incident response.
MFA, DNS Filtering, Backups, Incident Response
⚖
Title IX
Sex Discrimination Compliance
Coordinator designation, grievance procedures, training records, and incident documentation — one of the most actively enforced federal mandates in K-12.
Coordinator, Grievance, Training, Records
🔒
COPPA
Children's Online Privacy
Governs collection of personal data from students under 13. Covers parental consent, vendor management, data retention, and EdTech operator obligations.
Parental Consent, Vendor Mgmt, Data Retention
🛡
CISA CPGs
Cybersecurity Performance Goals
CISA's cross-sector cybersecurity goals increasingly referenced in state audits and FCC Cybersecurity Pilot applications. ~40 actionable controls.
Account Security, Patching, Incident Response
📜
PPRA
Protection of Pupil Rights
Parental consent for surveys, data collection, and marketing research. Covers annual notification, inspection rights, and opt-out procedures.
Surveys, Parental Rights, Annual Notice
♿
Title II ADA
Americans with Disabilities Act
Digital accessibility (WCAG 2.1 AA), facilities compliance, grievance procedures, and program accessibility for students and staff with disabilities.
Web Accessibility, Facilities, Grievance
🛡
CIS Controls v8.1
Center for Internet Security
56 controls across Implementation Groups IG1-IG3. The gold standard for enterprise cybersecurity, mapped to NIST CSF and K12 SIX for comprehensive coverage.
Asset Inventory, Vuln Mgmt, Pen Testing
💰
EDGAR
Federal Grant Compliance
Education Department General Administrative Regulations for Title I, Title II, and ESSER funds. Covers allowable costs, procurement, reporting, and subrecipient monitoring.
Title I, ESSER, Procurement
📊
SDPC
Student Data Privacy Consortium
National Data Privacy Agreement framework for EdTech vendor management. Covers data governance, vendor contracts, student rights, and breach notification.
NDPA, Vendor Contracts, Data Rights
👷
OSHA
Workplace Safety
OSHA standards for K-12 school operations including written safety programs, hazard communication, bloodborne pathogens, emergency action plans, and OSHA 300 logs.
Safety Program, Bloodborne Pathogens, OSHA 300
🇺🇸
Texas HB 3834
Texas Student Data Privacy
Texas-specific student data privacy law governing collection, vendor contracts, security safeguards, breach notification, and parent rights for Texas districts.
Data Inventory, Vendor Contracts, Breach Notice
💵
Title I
Improving Basic Programs
ESSA Title I compliance covering comparability, supplement not supplant, parent engagement policies, school-parent compacts, and fiscal management.
Comparability, Parent Engagement, Fiscal Mgmt
🏠
McKinney-Vento
Homeless Student Services
Federal law ensuring students experiencing homelessness have equal access to education. Covers identification, immediate enrollment, transportation, and liaison duties.
Identification, Enrollment, Transportation
🚨
TEC Chapter 37
Student Discipline
Texas Education Code Chapter 37 covering DAEP placement, expulsion procedures, threat assessment teams, disproportionality monitoring, and code of conduct requirements.
DAEP, Threat Assessment, Disproportionality
🎓
TEC Chapter 29
Special Programs
Texas Education Code Chapter 29 covering bilingual/ESL education, special education ARD procedures, gifted and talented identification, dyslexia services, and pre-K eligibility.
Bilingual/ESL, ARD, Dyslexia
💸
ESSER / ARP
COVID Relief Fund Compliance
ESSER I, II, and III / ARP fund compliance still actively audited by TEA through 2026. Covers allowable expenditures, set-asides, procurement, reporting, and closeout deadlines.
Allowable Costs, Set-Asides, Closeout
📈
TEA Financial Accountability
FIRST Rating Compliance
Texas FIRST financial integrity indicators, budget adoption timelines, annual audit submission, PEIMS financial reporting, and competitive bidding requirements.
FIRST Rating, Annual Audit, PEIMS