View Rule

View EO 12866 Meetings Printer-Friendly Version     Download RIN Data in XML

ED/FSA RIN: 1845-AA25 Publication ID: Fall 2024 
Title: Cybersecurity Standards for Institutions of Higher Education to Comply With EO 13556 and NIST 800-171 

The Department relies on schools participating in the federal student financial assistance programs and other grant programs under the Higher Education Act of 1965, as amended (HEA), to help carry out a wide range of business functions. Schools routinely process, store, and transmit Controlled Unclassified Information (CUI), which includes personally identifiable information (PII), sensitive personally identifiable information (SPII), and information. The protection of sensitive data while residing in school information systems is of paramount importance to the Department.  To assure schools properly protect CUI, as required by Executive Order 13556, and the regulations at 32 CFR part 2002 which require non-Federal entities handling CUI to implement NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST 800-171), the Department plans to propose to regulate on information security requirements.

Agency: Department of Education(ED)  Priority: Other Significant 
RIN Status: Previously published in the Unified Agenda Agenda Stage of Rulemaking: Proposed Rule Stage 
Major: Undetermined  Unfunded Mandates: Undetermined 
CFR Citation: None     (To search for a specific CFR, visit the Code of Federal Regulations.)
Legal Authority: 20 U.S.C. 1090    15 U.S.C. 6801 et seq.    E.O. 13556   
Legal Deadline:  None
Action Date FR Cite
NPRM  01/00/2025 
Regulatory Flexibility Analysis Required: Undetermined  Government Levels Affected: Undetermined 
Federalism: Undetermined 
Included in the Regulatory Plan: No 
RIN Data Printed in the FR: No 
Agency Contact:
Brian Schelling
Department of Education
400 Maryland Avenue SW,
Washington, DC 20202
Phone:202 987-0443