View Rule

View EO 12866 Meetings Printer-Friendly Version     Download RIN Data in XML

ED/FSA RIN: 1845-AA25 Publication ID: Fall 2023 
Title: ●Cybersecurity Standards for Institutions of Higher Education to Comply With EO 13556 and NIST 800-171 
Abstract:

The Department relies on schools participating in the federal student financial assistance programs and other grant programs under the Higher Education Act (HEA) to help carry out a wide range of business functions. Schools routinely process, store, and transmit Controlled Unclassified Information (CUI), which includes personally identifiable information (PII), sensitive personally identifiable information (SPII), and information. The protection of sensitive data while residing in school information systems is of paramount importance to the Department.

To assure schools properly protect CUI, as required by Executive Order 13556, and the regulations at 32 CFR part 2002 which require non-Federal entities handling CUI to implement NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST 800-171), the Department plans to propose to regulate on information security requirements.

 
Agency: Department of Education(ED)  Priority: Other Significant 
RIN Status: First time published in the Unified Agenda Agenda Stage of Rulemaking: Proposed Rule Stage 
Major: Undetermined  Unfunded Mandates: Undetermined 
CFR Citation: None     (To search for a specific CFR, visit the Code of Federal Regulations.)
Legal Authority: 20 U.S.C. 1090    15 U.S.C. 6801 et seq.    E.O. 13556   
Legal Deadline:  None
Timetable:
Action Date FR Cite
NPRM  10/00/2024 
Regulatory Flexibility Analysis Required: Undetermined  Government Levels Affected: Undetermined 
Federalism: Undetermined 
Included in the Regulatory Plan: No 
RIN Data Printed in the FR: No 
Agency Contact:
David Musser
Department of Education
Office of Federal Student Aid
1990 K Street NW,
Washington, DC 20006
Phone:202 377-3900
Email: david.musser@ed.gov