The K-12 education sector is a unique sector that continues to be the target of cyber security threats. A growing misconception is that large organisations are the main target of hackers; however, the attack surface of K-12 schools is often greater than large organisations and small, medium enterprises (SME), given the numbers of students. Schools are tasked with protecting against cyber threats; however, existing frameworks are often complex and inappropriate for the education sector. This paper presents a novel cybersecurity self-assessment tool for Australian K-12 schools to assess their compliance with the National Institute of Standards and Technology – Cybersecurity Framework (NIST CSF)