
Our intention is to partner and collaborate with IHEs, and other organizations, to enhance the resilience and maturity across IHEs by establishing a cybersecurity baseline, sharing information, and overseeing compliance with NIST 800–171 Rev. The self-assessment effort will help the Department determine the cybersecurity posture, maturity, and future compliance of each IHE with NIST 800–171 and other cybersecurity requirements. In 2021, FSA plans to initiate a self-assessment effort to understand the IHE community’s readiness to comply with NIST 800–171 Rev 2. We further encourage use of NIST 800–171 Rev. Since 2018, many institutions have adopted some or all of the NIST 800–171 recommended requirements. 2 as a security standard and to support continuing obligations under the Gramm-Leach-Bliley Act (GLBA). FSA has previously encouraged IHEs to review and adopt NIST 800–171 Rev.

Department of Education (Department) comply with NIST 800–171 Rev. Part 2002 and the federal government-wide requirement that institutions receiving CUI from the U.S. Institutions’ compliance is in accordance with 32 C.F.R. This Electronic Announcement is meant to inform IHEs and their third-party servicers about upcoming activities to ensure compliance with NIST 800–171 Rev. We are committed to fully advancing and encouraging all postsecondary institutions implementation of NIST 800-171 controls. 2, Controlled Unclassified Information in Nonfederal Systems (NIST 800–171 Rev. A multi-year phased implementation will begin with a self-assessment of the National Institute of Standards and Technology Special Publication 800–171 Rev.

FSA is finalizing the Campus Cybersecurity Program framework. As instances of data and information breaches rise, it is vital that institutions of higher education (IHEs) protect Controlled Unclassified Information (CUI) used in the administration of federal student aid programs authorized under Title IV, of the Higher Education Act, as amended 1.
