Content begins below.

  • CMMC Program Rule Finalized

    The U.S. Department of Defense released the final regulations for its Cybersecurity Maturity Model Certification (CMMC) Program on October 15, 2024. The DOD reconfirmed the exclusion of fundamental research from CMMC program requirements and added concepts to help institutions meet the requirements.

  • A Policy Update from the 2024 EDUCAUSE Annual Conference

    Host Jenay Robert talks legislative updates with Jarret Cummings, EDUCAUSE Senior Advisor for Policy and Government Relations. They dive into the new web and mobile app accessibility regulations, proposed cyber incident reporting rules, research cybersecurity issues, and what to expect in 2025.

  • Kids Online Safety and Privacy Act Passes Senate, House Committee Passes New Version

    • Jen Ortega
    • October 28, 2024

    In July and September, the U.S. Senate and House of Representatives moved the Kids Online Safety and Privacy Act through each chamber. Although the bill passed in the Senate and advanced out of the House Energy and Commerce Committee, its future remains uncertain, especially given that Congress will be in session for only a few more days this year.

  • Cautious Optimism on OSTP Research Cybersecurity Requirements

    The Office of Science and Technology Policy has released its final requirements for research security programs, which federal research funding agencies will have to apply to colleges and universities that average $50 million or more per year in federal research grants. The requirements include potentially positive guidelines for research cybersecurity at covered institutions.

  • Spring 2024 Regulatory Agenda Highlights

    The Biden administration released the Spring 2024 Unified Agenda of Regulatory and Deregulatory Actions on July 5. The Regulatory Agenda provides insights on the regulatory activities under development across federal departments and agencies and includes updates on several regulations that EDUCAUSE has been monitoring.

  • EDUCAUSE Pushes Back on Proposed Cyber Incident Reporting Regulations

    Several higher education associations joined EDUCAUSE in responding to proposed federal regulations mandating cyber incident reporting. Among other key points, the associations argued that the issuing agency, CISA, intends to apply vague requirements to higher education without consulting the higher education community or considering the impacts of the requirements.

  • Web and Mobile App Accessibility Regulations

    The U.S. Department of Justice published its final regulation on web and mobile application accessibility under Title II of the Americans with Disabilities Act in the Federal Register on April 24. The regulation goes into effect for large public entities on April 26, 2026, and for small public entities on April 26, 2027.

  • FCC Issues Net Neutrality Final Rule

    Last month, the Federal Communications Commission (FCC) issued the anticipated final rule to reclassify broadband internet access as a telecommunications service under Title II of the Communications Act, thus reestablishing the FCC's 2015 net neutrality regulations. The rule goes into effect on July 22, 2024.

  • The Kids Online Safety Act Faces an Unclear Future

    In early 2024, the Senate garnered enough support to potentially pass the Kids Online Safety Act—a major privacy law focused on content moderation for minors. Though the bill does not seem to cover higher education institutions, the EDUCAUSE Policy team will be asking for clarification about whether certain scenarios would create compliance concerns for colleges and universities.

  • {{item.listSponsoredContentLabel}}

    • {{:: item.listDate }}
    • {{:: icon.iconTitle }}