Contributing Editor: Jarret Cummings, Senior Advisor for Policy and Government Relations, EDUCAUSE
While higher education is not covered by a pending rulemaking on cyber incident reporting, EDUCAUSE is monitoring the process given the possibility that colleges and universities could face a similar requirement in the future.
The National Telecommunications and Information Administration has taken the first steps in implementing the broadband programs of the Infrastructure Investment and Jobs Act.
A comprehensive privacy bill has cleared a House committee for the first time, but its flaws on federal preemption and a private right of action may limit its prospects. The way the bill handles exceptions for existing laws is also concerning for higher education.
The Safeguards Rule audit objective for the federal single audit remains unchanged for the FY22 audit process. It will likely change in future years, however, to align with the new Safeguards Rule requirements that take effect in December.
Helen Norris, EDUCAUSE board chairperson and Chapman University CIO, testified to a Senate committee about higher education cybersecurity challenges and what the federal government could do to help.
EDUCAUSE is working with its members and partners to engage the White House on the problematic approach to research cybersecurity included in its recent research security guidance.
Congress included cyber incident reporting legislation in its FY22 appropriations bill that recently became law. However, the legislation focuses solely on entities in the well-established "critical infrastructure" sectors, which exclude higher education.
The Federal Trade Commission (FTC) has proposed adding a reporting requirement to its Safeguards Rule. EDUCAUSE and its partners recommend that the FTC adopt a few revisions (e.g., delaying the public release of any Safeguards Rule security event report for one year from the submission date).
The Federal Trade Commission (FTC) is seeking public comments on whether to require institutions that are subject to its Safeguards Rule, which includes colleges and universities, to report certain security events to it.
The Federal Trade Commission (FTC) has released a revised version of the Safeguards Rule. The revised Rule will impose many new requirements on institutional cybersecurity operations in relation to student financial aid and other "customer" information.
