
Protect your district with NEOnet's proven security solutions. Complete compliance with Ohio's new cybersecurity requirements while safeguarding student data and educational resources.
A Practical Guide to HB 96 Compliance and Audit Preparation
| Requirements | Deadline | NEOnet Offering | Notes |
|---|---|---|---|
| 1. Develop and adopt a formal cybersecurity program: Align with NIST/CIS; includes assessing critical functions, threat detection, incident response, recovery, training | Sept 30, 2025 | NIST Cohort + Security Stack Suite | NEOnet supports building compliant cybersecurity frameworks; program must include all key components (risk identification, detection, response, etc.) |
| 2. Implement ransomware response policy: Require board resolution before paying ransom, explicitly stating why payment is in the district’s best interest | Sept 30, 2025 | NEOnet Security Stack. Policy templates | Key for governance and compliance |
| 3. Establish incident reporting procedures: Report to OCIC within 7 days and Auditor of State within 30 days of discovering a cybersecurity incident | Sept 30, 2025 | NEOnet Guidance | NEOnet links to Ohio Cyber Incident Reporting Guidance; law specifies exactly these reporting timelines |
| 4. Confidentiality of cybersecurity-related records: Program documentation, incident reports, and procurement details should be exempt from public records | Sept 30, 2025 | NEOnet’s Hosted Infrastructure, Policy awareness training, Cyber Reserve, NIST Cohort | NEOnet’s managed environment helps secure sensitive data; legal confidentiality requirements are stated in HB 96 |
| 5. Provide cybersecurity awareness training: For staff based on roles | Sept 30, 2025 | TechGuard Security Awareness Training | Aligns with “human firewall” concept; included in program expectations |
| 6. Deploy endpoint protection, MFA, email filtering, secure backup | Sept 30, 2025 | Sophos MDR, MiniOrange (SSO/MFA), Abnormal Security, NEOnet’s backup/hosted servers | Aligns with technology controls required by NIST/CIS |
| 7. Conduct risk assessments, define critical functions, plan recovery/offsite backup | Sept 30, 2025 | Cyber Reserve + NIST Cohort | Risk framework must include these elements |
| 8. Prepare for compliance audit by Auditor of State: Assessments begin July 1, 2026 | Audit window starts July 1, 2026 | NEOnet Cyber Security Posture | AOS will audit based on your implemented program |
Define and document Personally Identifiable Information storage locations. Prohibit PII on personal devices.
Implement endpoint protection and data encryption for all devices containing PII.
Deploy comprehensive backup strategy with offsite protection capabilities.
Obtain cyber liability insurance and implement security awareness training programs.
Develop cybersecurity program based on NIST CSF/CIS controls. Must identify critical functions, assess impacts, detect threats, and define incident-response procedures. Compliance audits begin July 1, 2026.
Amend policies to prohibit payment or compliance with ransomware demands unless board approves payment via resolution explaining why payment is in district's best interest.
Establish procedures to report cybersecurity incidents to OCIC within 7 days and to Auditor of State within 30 days. Must maintain records and ensure confidentiality.
Draft policy limiting cellphone use during school hours. Model policy available 60 days after Sept 30, 2025. Must incorporate into emergency management plans.
Form committee to study AI use. Monitor ODEW model policy (available Dec 31, 2025) and draft local policy addressing appropriate AI use by students and staff.
Adopt policy authorizing students to attend release-time religious instruction at least once per week with proper caps, parental consent, and record-keeping requirements.
NEOnet Standard Offering
$16.77 per user/year
FREE for member districts
$42/endpoint, $58/server (2 years)
FREE to all districts
No charge to NEOnet customers
Questions about compliance? Our team of cybersecurity experts is ready to help your district navigate Ohio's new requirements and implement comprehensive protection.