CISA Sets New K-12 Software Security Pledge


The Cybersecurity and Infrastructure Security Agency (CISA) has created a new “voluntary pledge” for K-12 educational software makers to focus on creating products that will put cybersecurity at the heart of their design.

Six of the largest technology companies in the education sector have committed to the pledge announced on Sept. 5. Those include PowerSchool, Classlink, Clever, GG4L, Instructure, and D2L, CISA said.

“We need to address K-12 cybersecurity issues at its foundation by ensuring schools and administrators have access to technology and software that is safe and secure right out of the box,” said CISA Director Jen Easterly.

By signing the pledge, companies will agree to adopt three key principles. Those are to take ownership of customer security outcomes, to embrace radical transparency and accountability, and to lead from the top by prioritizing secure technology for company leadership.

“The pledge includes specific, publicly measurable outcomes that the companies are committing to as they develop their roadmaps toward adhering to Secure by Design principles,” CISA said.

“Our pledge commitments that we made are part of our ongoing efforts to help our customers and partners mitigate cybersecurity threats,” said John Baker, CEO at D2L. “Together, we can work to protect our K-12 schools, educators, students, and their families, freeing them to focus on what matters most: teaching and learning.”

CISA is encouraging other companies and software developers to take the pledge and help drive the goal of improving security in their products.

“I want to thank Classlink, Clever, D2L, GG4L, Instructure, and PowerSchool, who have already signed this pledge and for their leadership in this area,” stated Easterly.

“We need all K-12 software manufacturers to help us improve cybersecurity for the education sector by committing to prioritize security as a critical element of product development,” the CISA director said.