Contributing Editor: Jarret Cummings, Senior Advisor for Policy and Government Relations, EDUCAUSE
The 2024 election has come and gone, and Washington awaits a second Trump administration and a Republican-controlled Congress. Meanwhile, the outcomes of several regulatory policies that are important to the higher education IT community remain uncertain.
The U.S. Department of Defense released the final regulations for its Cybersecurity Maturity Model Certification (CMMC) Program on October 15, 2024. The DOD reconfirmed the exclusion of fundamental research from CMMC program requirements and added concepts to help institutions meet the requirements.
After over a year in limbo, the U.S. Department of Education is taking steps to formally rescind its "Dear Colleague Letter" that attempted to apply its third-party servicer regulations to higher education institutions and their content, software, systems, and services providers.
Host Jenay Robert talks legislative updates with Jarret Cummings, EDUCAUSE Senior Advisor for Policy and Government Relations. They dive into the new web and mobile app accessibility regulations, proposed cyber incident reporting rules, research cybersecurity issues, and what to expect in 2025.
In July and September, the U.S. Senate and House of Representatives moved the Kids Online Safety and Privacy Act through each chamber. Although the bill passed in the Senate and advanced out of the House Energy and Commerce Committee, its future remains uncertain, especially given that Congress will be in session for only a few more days this year.
The Office of Science and Technology Policy has released its final requirements for research security programs, which federal research funding agencies will have to apply to colleges and universities that average $50 million or more per year in federal research grants. The requirements include potentially positive guidelines for research cybersecurity at covered institutions.
The Biden administration released the Spring 2024 Unified Agenda of Regulatory and Deregulatory Actions on July 5. The Regulatory Agenda provides insights on the regulatory activities under development across federal departments and agencies and includes updates on several regulations that EDUCAUSE has been monitoring.
Several higher education associations joined EDUCAUSE in responding to proposed federal regulations mandating cyber incident reporting. Among other key points, the associations argued that the issuing agency, CISA, intends to apply vague requirements to higher education without consulting the higher education community or considering the impacts of the requirements.
The U.S. Department of Justice published its final regulation on web and mobile application accessibility under Title II of the Americans with Disabilities Act in the Federal Register on April 24. The regulation goes into effect for large public entities on April 26, 2026, and for small public entities on April 26, 2027.
Last month, the Federal Communications Commission (FCC) issued the anticipated final rule to reclassify broadband internet access as a telecommunications service under Title II of the Communications Act, thus reestablishing the FCC's 2015 net neutrality regulations. The rule goes into effect on July 22, 2024.
