1. If an LEA qualifies for the program and chooses to buy extra endpoints with their own budget, are they allowed to do that, and if so, are they under the same console? Yes, there will need to be two separate demands when requesting the service in the portal. One demand will direct billing to TEA, the other to the LEA. Any LEA will be able to purchase via the DIR-MSS program. The LEA will get the same service and pricing as TEA and the rest of the MSS participants. LEAs will be billed on a monthly basis for services purchased through the MSS.

2. Is the TX K12 Cybersecurity Initiative mandatory for LEAs? Leveraging resources provided by the TX K12 Cybersecurity Initiative is not required, however in order to reduce risk of data loss and availability of LEA data, it is strongly encouraged for all LEAs to prioritize implementing the following cybersecurity controls between September 2023 and August 2025:
• Implement fully managed Endpoint Detection and Response (EDR) on LEA servers and applicable staff devices.
• Implement Multi-Factor Authentication (MFA) on staff email systems.
• Implement email protocol security configurations (DMARK/DKIM/SPF).
• Restrict local admin access.

3. Will the LEA be able to make their own changes to the admin console or would they have to go through DIR Managed Service Provider (MSP) to remediate false positives or change configurations?
With the Standard EDR managed service, each LEA will be able to work with DIR's MSP to make configuration changes to the EDR admin console. With the standard EDR managed service, LEAs will have access to a read-only EDR dashboard. If LEAs purchase the custom EDR option, LEAs will be able to modify EDR administrative configurations, however, the LEA will be fully responsible for the operation and maintenance of the EDR administrative console and endpoints. The custom option will only manage the alerting coming from the EDR service.

4. What if the LEA signs up but then decides not to use the service? The first step is signing the Inter-Local agreement to be able to request services from DIR's STS portal. Signing the Inter-Local doesn't commit you to continue through the process of requesting the EDR service or assessment through the STS portal.

5. Will the LEA get to choose which EDR service they use? What are the options? Yes, the LEA will make their own decision as to which option on the MSS they are requesting. The current EDR options under MSS are:
(1) Standard Fully Managed CrowdStrike - Management of Alerting and O&M provided by MSP
(2) Standard Fully Managed SentinelOne - Management of Alerting and O&M provided by MSP
(3) Custom Managed Crowdstrike - Management of Alerting provided by vendor, logs shared with MSP
(4) Custom Managed SentinelOne - Management of Alerting provided by vendor, logs shared with MSP

6. Will the funding cover an existing EDR? The Cybersecurity Initiative funding will only cover EDR licenses through the DIR MSS program starting September 1, 2023. If you currently use one of the EDR vendors available from DIR MSS and you meet initative student enrollment requirements, please work with your vendor and DIR to migrate your license through the MSS program after September 1st.

7. How long will this program be funded for? Funding has been provided for FY 2024 & 2025 which is September 1, 2023 through August 31, 2025. We encourage all LEAs to prioritize a budget for EDR, as it is a necessary control to have in place to reduce risk of significant cyber events.

8. Would EDR replace my existing traditional anti-virus? Yes, EDR builds on the functionality of traditional anti-virus to add more complex methods of threat analysis to detect malicious activity as it's occurring on a device.

9. What happens after the 2-year funding period? If funding is not renewed by the Texas Legislature, you may continue with the same service provided by DIR's STS, but will be responsible for the cost of the service. You may also cancel the service.

10. Is there a maximum size for participation? Currently, we are limiting eligibility to LEAs with 15,000 student enrollment or less. This will allow us to potentially provide services to 93% of our LEAs.

11. Are charter schools eligible? Yes, Charter schools are considered a Local Education Agency (LEA) and are eligible for the program.

12. Would LEAs with student enrollment above 15K get any discounts or offers with this initiative? LEAs with over 15K enrollment will not initially be eligible for receiving EDR licenses through the program. However, these LEAs may leverage all the other resources, to include technical assistance, provided by the K-12 Cybersecurity Initiative. Changes to the EDR license limitation are subject to change to meet the goals of the initiative, so please stay informed via the Cybersecurity Coordinator Forums and official TEA communication.

13. Is EDR only for servers, central office/admin, and teaching staff? The guidance for deployment with your available licenses is to focus on higher-risk and impact devices first. TEA recommends starting with servers first, then central office staff with elevated privileges and access to financial or sensitive information. Finally, any remaining licenses could be used by teaching staff according to risk level.

14. Is there a minimum number of licenses for smaller LEAs that have a higher staff-to-student ratio? To accommodate smaller LEAs that have varying staff to student ratios, we are allowing a minimum of 30 licenses for any LEA below an enrollment of 300.

15. Why are LEAs having to approve and accept financial billing verbiage in the Inter-Local Agreement? There are no costs to your LEA for the EDR funded services – they will be fully funded by TEA. If you intend to only utilize the TEA funded services (EDR, Assesments, etc.), you can forgo the financial section of the Inter-Local Agreement. Signing the Inter-Local Contract (ILC) does not commit you to any purchases or any costs. It just provides the framework for you to make a purchase when you are ready and able to pay the corresponding costs.

There are other MSS services on the State plan that could incur a cost but they would be handled through a separate request and you would have the ability to review and approve those costs before any services were implemented. (Ex; If your LEA wanted to purchase a SIEM or Firewall)

Signing the InterLocal Contract (ILC) does not commit you to any purchases or any costs. It just provides the framework for you to make a purchase when you are ready and able to pay the corresponding costs.

16. Will State Government have access to my EDR data? The Managed Security Provider will have access to EDR logs for monitoring purposes only. The State cybersecurity operations center will have access to the metadata of the logs for monitoring and filtering as well. TEA and ESCs will not have access to any EDR logs, but will receive aggregated metrics.

17. What if my LEA has an EDR solution but it is not managed? Can we have MSS MSP manage the alerts? The answer is Yes. It has a few conditions. If they are using SentinelOne or CrowdStrike, then they can move into the EDR Service (S1 would be a quick migration, CS would require a reinstall of agents). The EDR Service is fully managed by AT&T.

If they have some other vendor, we can monitor and alert on those events (if they send them to us via the EMA Service), but we cannot manage a different vendor solution. If they have extra modules for S1 or CS, they could use the TEA funding (per TEA’s FAQ document) for the EDR licenses under MSS Custom EDR.

They would have to pay the vendor directly (separately) for the extra modules.

Contact Information

For more information contact:

Texas Department of Information Resources CISO Office at DIRSecurity@dir.texas.gov

Texas Education Agency Cybersecurity team Cybersecurity@tea.texas.gov