Vulnerability & Risk Management
How the district finds weaknesses, fixes them on a clock, and governs the risk that's left.
Vulnerability & risk management tools
Scanners, EASM platforms, patch tooling, and risk-register systems in use. The F1–F9 questions below score the program — this section is the concrete tool list the program runs on.
Asset awareness

You can't patch what you don't know you have. Hardware visibility comes from your tech stack inventory.

Vulnerability discovery

Authenticated scanning across the assets in F1.

Continuous discovery of internet-facing assets — including ones IT may have lost track of.

F4 Penetration test cadence

Internal or external network pen test by a qualified third party.

Patch management

Good = Critical patched within 24–72h, High within 7d, Medium within 30d. A more aggressive SLA for internet-facing devices (firewalls, VPN gateways) is scored as its own bar.

F6 Patch coverage by device class

Which classes have automated patching in place today.

Risk governance & third-party

Good = maintained register, board-reviewed annually, mapped to mitigation owners.

Whether the district tracks measurable cyber risk indicators over time (open vulnerabilities by severity, patch SLA compliance, MFA coverage trend, training completion, phish click rate).
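The patch SLA tiers above (F5) and the "patch SLA compliance" indicator (F8) can be computed from a scanner export; the following is an added example, not part of this assessment page or any district tooling. The 24h internet-facing deadline, the field names, and the sample findings are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# F5 tiers from the page, in hours (72h taken as the hard Critical deadline).
SLA_HOURS = {"critical": 72, "high": 7 * 24, "medium": 30 * 24}  # low: none
# Stricter internet-facing bar: the page gives no number, 24h is assumed here.
INTERNET_FACING_SLA_HOURS = 24

@dataclass
class Finding:
    asset: str
    severity: str  # critical / high / medium / low
    first_seen: datetime
    remediated: Optional[datetime] = None
    internet_facing: bool = False

def sla_deadline(f: Finding) -> Optional[datetime]:
    """Deadline for this finding, or None if its severity has no SLA."""
    hours = SLA_HOURS.get(f.severity.lower())
    if hours is None:
        return None
    if f.internet_facing:
        hours = min(hours, INTERNET_FACING_SLA_HOURS)
    return f.first_seen + timedelta(hours=hours)

def is_breached(f: Finding, now: datetime) -> Optional[bool]:
    """True if fixed late or still open past its deadline; None if untracked."""
    deadline = sla_deadline(f)
    return None if deadline is None else (f.remediated or now) > deadline

def sla_compliance(findings: List[Finding], now: datetime) -> Tuple[int, int]:
    """(compliant, tracked): the F8 'patch SLA compliance' indicator."""
    tracked = compliant = 0
    for f in findings:
        breached = is_breached(f, now)
        if breached is None:
            continue
        tracked += 1
        compliant += 0 if breached else 1
    return compliant, tracked

# Constructed sample findings, not real scan output.
NOW = datetime(2024, 3, 15, 12, 0, tzinfo=timezone.utc)
D = timedelta(days=1)
SAMPLE = [
    Finding("vpn-gw-01", "critical", NOW - 2 * D, None, True),  # open, past 24h bar
    Finding("fs-01", "critical", NOW - 2 * D),  # open, 24h of 72h still left
    Finding("lab-pc-17", "high", NOW - 10 * D, NOW - 2 * D),  # fixed 3 days late
    Finding("hr-app", "medium", NOW - 20 * D, NOW - 5 * D),  # fixed within 30d
    Finding("printer-3", "low", NOW - 60 * D),  # no SLA tier on the page
]
```

Run over the sample, `sla_compliance(SAMPLE, NOW)` returns 2 compliant out of 4 tracked findings; the low-severity finding is excluded because the page defines no tier for it.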

F9 Vendor / third-party risk management

Covers SaaS vendors (PowerSchool pattern), MSPs, and OT vendors with persistent district access (cross-references Endpoint F13).
