On December 29, 2023, draft forms for the Federal Communications Commission’s proposed cybersecurity pilot program were submitted for review by the Office of Management and Budget (OMB.) While most draft forms closely resemble E-rate and Emergency Connectivity Program forms, including Forms 470, 471, 472, and 474, two new Forms are proposed for the pilot program. The FCC Form 484, Schools and Libraries Cybersecurity Pilot Program Application, would contain information about how applicants “would use the Pilot funds and providing information about their proposed Cybersecurity Pilot project.” The FCC Form 488, Schools and Libraries Cybersecurity Pilot Program Post-Commitment Change Request, would allow Pilot participants to request approval of certain project changes after a funding commitment has been issued.
The draft FCC Form 484 requests a considerable amount of information about an applicant’s cybersecurity posture and practices, including:
- Name, address, and contact information for the interested school or library. For school district or library system applicants, the name and address of all schools/libraries within the district/system, and contact information for the district or library system.
- Geographic and demographic information to assist in processing the application.
- Information about the applicant’s participation in the E-Rate program, if any.
- Description of the Pilot participant’s current cybersecurity posture, including any cybersecurity services and equipment the applicant already has in place, how the school or library is currently managing and addressing its current cybersecurity risk and a description of its existing and/or proposed cybersecurity program or framework.
- Description of the cybersecurity threats or attacks faced by the applicant, including the date range of the incident, the duration and impact of the threats or attacks, and information about the malicious cyber actors that perpetrated the threats or attacks, if known.
- Description of the applicant’s proposed use of the Cybersecurity Pilot Program funding to protect its broadband networks and data and improve its ability to address K-12 cyber concerns. Description of any data the applicant will require service providers to track, measure, and collect to assess the cost-effectiveness of the Cybersecurity Pilot Program-funded cybersecurity services and equipment.
- Description of any data the applicant will required service providers to track, measure, and collect to assess the applicant’s cybersecurity posture, awareness, and readiness.
- Description of how the applicant plans to track, measure, and collect information about the impact the Cybersecurity Pilot Program funding has on the applicant’s cybersecurity posture.
- A listing of mandatory free or low-cost cybersecurity resources the applicant expects its service providers to implement and utilize.
The draft Forms may be viewed on the OMB’s website here, and a supporting statement explaining data collection practices may be viewed here.