Virginia's K-12 Tailored Cyber Risk Solution
Simplified Compliance, Amplified Security!
Virginia school districts rely on technology just like any business—but with fewer resources and higher stakes. Between limited staff, growing cybersecurity threats, and strict rules like FERPA, CIPA, COPPA, CJIS and Virginia’s own requirements (e.g. Va. Code §22.1-287.02, Va. Code §18.2-186.6, etc.), the pressure is nonstop.
That’s why we built a smarter, simpler way to help Virginia districts stay secure and compliant—without the stress or the high price tag. Peace of mind is now practical. Get the tools, guidance, and protection your schools need, all in one easy-to-use platform.
Only 2% of School Districts We Engage With Are Compliant With Federal and State Cyber Requirements
Virginia's students and staff deserve uncompromised and sustainable cybersecurity
Laws & Regulations
Federal
FERPA (34 CFR Part 99)
Confidentiality of education records; annual notices; access controls; disclosure logs; staff training
Confidentiality of education records; annual notices; access controls; disclosure logs; staff training
PPRA (20 U.S.C. §1232h)
Notice/consent for certain surveys, marketing, or sensitive data collection
Notice/consent for certain surveys, marketing, or sensitive data collection
IDEA Part B (34 CFR §§300.610–.627)
Notice/consent for certain surveys, marketing, or sensitive data collection
Notice/consent for certain surveys, marketing, or sensitive data collection
CIPA (47 U.S.C. §254)
Internet safety policy; content filtering & monitoring; online safety/cyberbullying education
Internet safety policy; content filtering & monitoring; online safety/cyberbullying education
HIPAA/FERPA guidance
Treat school health records under FERPA; define exceptions
Treat school health records under FERPA; define exceptions
FBI CJIS Security Policy
Technical, physical, and personnel controls; audits; training for districts with police presence
Technical, physical, and personnel controls; audits; training for districts with police presence
State
Va. Code §22.1-70.2
Acceptable Internet Use Policies – Local boards must review, amend, and approve AUPs every two years; post policies; ensure compliance with CIPA/E-Rate.
Acceptable Internet Use Policies – Local boards must review, amend, and approve AUPs every two years; post policies; ensure compliance with CIPA/E-Rate.
Va. Code §22.1-287.02
Student Records & PII – Implement DOE policies on student PII; restrict access; notify parents of improper disclosures; govern research data requests.
Student Records & PII – Implement DOE policies on student PII; restrict access; notify parents of improper disclosures; govern research data requests.
Va. Code §22.1-289.01
School Service Providers & Devices – Ensure contracts with operators/vendors include prohibitions on targeted advertising, enforce security standards, permit parental access/deletion, and cover school-issued devices.
School Service Providers & Devices – Ensure contracts with operators/vendors include prohibitions on targeted advertising, enforce security standards, permit parental access/deletion, and cover school-issued devices.
Va. Code §22.1-279.8
School Safety Audits & Crisis Plans – Conduct annual safety audits; adopt crisis, emergency management, and medical emergency response plans for each school; coordinate with law enforcement.
School Safety Audits & Crisis Plans – Conduct annual safety audits; adopt crisis, emergency management, and medical emergency response plans for each school; coordinate with law enforcement.
Va. Code §22.1-79.4
Threat Assessment Teams – Establish threat assessment teams at each school; adopt policies; train members; document cases; follow VCSCS model policies.
Threat Assessment Teams – Establish threat assessment teams at each school; adopt policies; train members; document cases; follow VCSCS model policies.
Va. Code §2.2-3705.2
FOIA Exemptions (Security Records) – Apply FOIA exemptions for school security records, safety audits, and IT system vulnerabilities.
FOIA Exemptions (Security Records) – Apply FOIA exemptions for school security records, safety audits, and IT system vulnerabilities.
Va. Code §18.2-186.6
Breach Notification (Personal Information) – Notify affected VA residents and the Attorney General without unreasonable delay after breach determination; vendor obligations apply.
Breach Notification (Personal Information) – Notify affected VA residents and the Attorney General without unreasonable delay after breach determination; vendor obligations apply.
Va. Code §32.1-127.1:05
Breach Notification (Medical Information) – For entities supported by public funds (e.g., school divisions with student health records): notify AG, Health Commissioner, affected individuals/residents without unreasonable delay.
Breach Notification (Medical Information) – For entities supported by public funds (e.g., school divisions with student health records): notify AG, Health Commissioner, affected individuals/residents without unreasonable delay.
NOTE: Let’s make this a great resource for everyone. If we are missing any legislation, please send us a quick note to [email protected]
Build a safer, stronger future for your Virginia schools with Minerva EDU.
With rising cybersecurity threats and new state mandates like Va. Code §18.2-186.6, K–12 IT teams need more than technical tools—they need clear communication with leadership.
Minerva EDU bridges that gap. Use familiar visuals, plain-language reporting, and board-ready insights to help your district manage cyber risk and meet Virginia’s evolving standards — without overwhelming your team.
Minerva EDU bridges that gap. Use familiar visuals, plain-language reporting, and board-ready insights to help your district manage cyber risk and meet Virginia’s evolving standards — without overwhelming your team.
We Protect Virginia Schools!
Visit our The Corner (Insights & Answers) our blog and FAQ for helpful tips, expert guidance, and answers to common questions. Curious about the value we deliver? Try our ROI Calculator at the bottom of our EDU page to see how much your district could save while improving cybersecurity.
Ready to get started? Let's Go!
Send us a quick message and we will contact you within 24 hours to discuss your cybersecurity needs and/or schedule a free 30 min. consultation with a subject matter expert. There is no better time to take control of your cybersecurity program than today.
