The U.S. Department of Education has announced its intention to issue revised guidance concerning the Dear Colleague guidance letter on Third-Party Servicer requirements and delay the effective date until at least six months after the revision is published.
The Biden Administration has released a National Cybersecurity Strategy, a comprehensive plan to address the most pressing cybersecurity issues. The National Cybersecurity Strategy does not explicitly include policies for higher education, but some policies may open or strengthen opportunities for institutions to participate in federally funded cybersecurity programs.
Colleges and universities are not subject to the law requiring cyber incident reporting to the Cybersecurity and Infrastructure Security Agency (CISA). However, details of the agency's regulatory process, starting with its recent request for information, are worth noting, given their general implications for federal policy on cyber incident reporting.