The Department of Education has implemented three priority open recommendations that were identified by the Government Accountability Office (GAO) in April 2019, including improving information security.
The three recommendations that Education has implemented since last year include:
- Analyzing civil rights data by school types and groupings to understand patterns of disparities at K-12 schools;
- Moving to eliminate recertification lapses for borrowers in Federal student loan Income-Driven Repayment plans; and
- Improving information security for students receiving financial aid.
In total, GAO identified eight priority open recommendations last year and identified one additional priority open recommendation in April of 2020, leaving six recommendations currently open. These recommendations fall into three major areas:
- Protecting the investment in higher education;
- Ensuring the well-being and education of the nation’s school-age children; and
- Improving cybersecurity.
“To protect against cyber threats to their systems and data, Federal law and policies emphasize that agencies – including Education – take a risk-based approach to cybersecurity,” GAO wrote.
By August 21, 2020, Education plans to develop and fully implement a cybersecurity risk management strategy. The strategy will define risk tolerance and acceptable risk response strategies. Education updated its Cybersecurity Risk Management Framework in March 2020, but the framework “does not define in detail acceptable risk response strategies” such as acceptance, avoidance, mitigation, and transfer, or how they are selected.