NAICU Washington Update

Education Department Holds Cybersecurity Meeting with Higher Education Stakeholders

November 21, 2019

The Department of Education recently convened a meeting with multiple higher education stakeholders, including NAICU, to discuss cybersecurity issues related to the federal student aid programs. The meeting is intended to be the first step in establishing a new information security compliance framework in collaboration with colleges and universities.
The cybersecurity meeting follows several years of efforts, led by EDUCAUSE, to persuade the Department to clarify its approach to information security in higher education. In 2017, the Federal Student Aid (FSA) office sent breach notification and information security reporting compliance letters to multiple institutions of higher education. These letters, which were sent to college presidents based on unconfirmed media reports alleging data breaches, raised significant concerns about whether FSA was acting within the scope of its legal authority.
In response to the FSA letters, EDUCAUSE submitted detailed comments to the agency citing problematic aspects of its compliance action and requesting further clarification about FSA’s authority and approach. EDUCAUSE also requested that FSA work collaboratively with the higher education community “to more effectively define FSA’s data breach notification and information security program reporting requirements.”
NAICU will continue to engage in this effort and will provide additional updates as events warrant.

MORE News from NAICU