Administrator. The term “Administrator” means the Universal Service Administrative Company.

Applicant. An “applicant” is a school, library, or consortium of schools and/or libraries that applies to participate in the Schools and Libraries Cybersecurity Pilot Program.

Billed entity. A “billed entity” is the entity that remits payment to service providers for services rendered to eligible schools, libraries, or consortia of eligible schools and libraries.

Commission. The term “Commission” means the Federal Communications Commission (FCC).

Connected device. The term “connected device” means a laptop or desktop computer, or a tablet.

Consortium. A “consortium” is any local, Tribal, statewide, regional, or interstate cooperative association of schools and/or libraries eligible for Schools and Libraries Cybersecurity Pilot Program support that seeks competitive bids for eligible services or funding for eligible services on behalf of some or all of its members. A consortium may also include health care providers eligible under subpart G of this part, and public sector (governmental) entities, including, but not limited to, state colleges and state universities, state educational broadcasters, counties, and municipalities, although such entities are not eligible for support.

Cyber incident. An occurrence that actually or potentially results in adverse consequences to an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate or eliminate the consequences.

Cyber threat. A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.

Cyberattack. An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system or information integrity.

Doxing. The act of compiling or publishing personal information about an individual on the internet, typically with malicious intent.

Educational purposes. For purposes of this subpart, activities that are integral, immediate, and proximate to the education of students, or in the case of libraries, integral, immediate, and proximate to the provision of library services to library patrons, qualify as “educational purposes.”

Elementary school. An “elementary school” means an elementary school as defined in 20 U.S.C. 7801(18), a non-profit institutional day or residential school, including a public elementary charter school, that provides elementary education, as determined under state law.

Library. A “library” includes:

(1) A public library;

(2) A public elementary school or secondary school library;

(3) A Tribal library;

(4) An academic library;

(5) A research library, which for the purpose of this subpart means a library that:

(i) Makes publicly available library services and materials suitable for scholarly research and not otherwise available to the public; and

(ii) Is not an integral part of an institution of higher education; and

(6) A private library, but only if the state in which such private library is located determines that the library should be considered a library for the purposes of this definition.

Library consortium. A “library consortium” is any local, statewide, Tribal, regional, or interstate cooperative association of libraries that provides for the systematic and effective coordination of the resources of schools, and public, academic, and special libraries and information centers, for improving services to the clientele of such libraries. For the purposes of this subpart, references to library will also refer to library consortium.

National School Lunch Program. The “National School Lunch Program” is a program administered by the U.S. Department of Agriculture and state agencies that provides free or reduced price lunches to economically disadvantaged children. A child whose family income is between 130 percent and 185 percent of applicable family size income levels contained in the nonfarm poverty guidelines prescribed by the Office of Management and Budget (OMB) is eligible for a reduced price lunch. A child whose family income is 130 percent or less of applicable family size income levels contained in the nonfarm income poverty guidelines prescribed by OMB is eligible for a free lunch.

Pilot participant. A “Pilot participant” is an eligible school, library, or consortium of eligible schools and/or libraries selected to participate in the Schools and Libraries Cybersecurity Pilot Program.

Pre-discount price. The “pre-discount price” means, in this subpart, the price the service provider agrees to accept as total payment for its eligible services and equipment. This amount is the sum of the amount the service provider expects to receive from the eligible school, library, or consortium, and the amount it expects to receive as reimbursement from the Schools and Libraries Cybersecurity Pilot Program for the discounts provided under this subpart.

Secondary school. A “secondary school” means a secondary school as defined in 20 U.S.C. 7801(38), a non-profit institutional day or residential school, including a public secondary charter school, that provides secondary education, as determined under state law except that the term does not include any education beyond grade 12.

Tribal. An entity is “Tribal” if it is a school operated by or receiving funding from the Bureau of Indian Education (BIE), or if it is a school or library operated by any Tribe, Band, Nation, or other organized group or community, including any Alaska native village, regional corporation, or village corporation (as defined in, or established pursuant to, the Alaska Native Claims Settlement Act (43 U.S.C. 1601 et seq.) that is recognized as eligible for the special programs and services provided by the United States to Indians because of their status as Indians.

(a) Cap. The Schools and Libraries Cybersecurity Pilot Program shall have a cap of $200 million.

(b) Pilot participant budgets. Each Pilot participant will be subject to a specific budget. Budgets are specified in terms of annualized dollar amounts, but participants' expenses are capped based on the full three-year duration of the Pilot and participants may seek reimbursement for more than the annual budget for any given Pilot Program year, so long as the total amount disbursed over the three-year term does not exceed three times the applicable annual budget.

(1) Schools. At a minimum, each eligible school or school district will receive a pre-discount budget of $15,000 annually. Schools and school districts with 1,100 students or fewer will be eligible to receive the annual pre-discount $15,000 funding floor. For schools and school districts with more than 1,100 students, the annual budget is calculated using the pre-discount $13.60 per-student multiplier, subject to an annual pre-discount budget maximum of $1.5 million.

(2) Libraries. Each eligible library will receive a pre-discount budget of $15,000 annually up to 11 libraries/sites. For library systems with more than 11 libraries/sites, the budget will be up to $175,000 pre-discount annually.

(3) Consortia. Consortia comprised of eligible schools and libraries will be eligible to receive funding based on student count, using the pre-discount $13.60 per-student multiplier and $1.5 million pre-discount funding caps, and the number of library sites, using the pre-discount $15,000 annual per-library budget and $175,000 pre-discount funding caps. Consortia solely comprised of eligible schools or comprised of both eligible schools and libraries are subject to the pre-discount annual $1.5 million budget maximum for schools and school districts. Consortia solely comprised of eligible libraries will be subject to the pre-discount annual $175,000 budget maximum for library systems.

(c) Duration. The Schools and Libraries Cybersecurity Pilot Program shall make funding available to applicants selected to participate in the Pilot for three years, to begin when the applicants selected to participate in the Pilot are first eligible to receive eligible services and equipment (i.e., from the date of the first funding commitment decision letter).

(d) Rules of prioritization. If total demand for the Schools and Libraries Cybersecurity Pilot Program exceeds the Pilot Program cap of $200 million, funding will be made available as follows:

(1) Schools and libraries eligible for a 90 percent discount shall receive first priority for funds, as determined by the schools and libraries discount matrix in § 54.2007. Funding shall next be made available for schools and libraries eligible for an 80 percent discount, then for a 70 percent discount, and continuing at each descending discount level until there are no funds remaining.

(2) If funding is not sufficient to support all of the funding requests within a particular discount level, funding will be allocated at that discount level using the percentage of students eligible for the National School Lunch Program (NSLP). Thus, if there is not enough support to fund all requests at the 90 percent discount level, funding shall be allocated beginning with those applicants with the highest percentage of NSLP eligibility for that discount level, and shall continue at each descending percentage of NSLP until there are no funds remaining.

(a) Schools. (1) Only schools meeting the definition of “elementary school” or “secondary school”, as defined in § 54.2000, and not excluded under paragraph (a)(2) or (3) of this section, shall be eligible for discounts on supported services under this subpart.

(2) Schools operating as for-profit businesses shall not be eligible for discounts under this subpart.

(3) Schools with endowments exceeding $50,000,000 shall not be eligible for discounts under this subpart.

(b) Libraries. (1) Only libraries eligible for assistance from a State library administrative agency under the Library Services and Technology Act (20 U.S.C. 9122) and not excluded under paragraph (b)(2) or (3) of this section shall be eligible for discounts under this subpart.

(2) Except as provided in paragraph (b)(4) of this section, a library's eligibility for discounts under this subpart shall depend on its funding as an independent entity. Only libraries whose budgets are completely separate from any schools (including, but not limited to, elementary and secondary schools, colleges, and universities) shall be eligible for discounts as libraries under this subpart.

(3) Libraries operating as for-profit businesses shall not be eligible for discounts under this subpart.

(4) A Tribal college or university library that serves as a public library by having dedicated library staff, regular hours, and a collection available for public use in its community shall be eligible for discounts under this subpart.

(c) Consortia—(1) Consortium Leader. Each consortium seeking support under this subpart must identify an entity or organization that will lead the consortium (the “Consortium Leader”). The Consortium Leader may be an eligible school or library participating in the consortium; a state organization; public sector governmental entity, including a Tribal government entity; or a non-profit entity that is ineligible for support under this subpart. Ineligible state organizations, public sector entities, or non-profit entities may serve as Consortium Leaders or provide consulting assistance to consortia only if they do not participate as potential service providers during the competitive bidding process. An ineligible entity that serves as the Consortium Leader must pass through the full value of any discounts, funding, or other program benefits secured to the eligible schools and libraries that are members of the consortium.

(2) For consortia, discounts under this subpart shall apply only to the portion of eligible services and equipment used by eligible schools and libraries.

(3) Service providers shall keep and retain records of rates charged to and discounts allowed for eligible schools and libraries on their own or as part of a consortium. Such records shall be available for public inspection.

(a) Supported services and equipment. All supported services and equipment are identified in the Schools and Libraries Cybersecurity Pilot Program Eligible Services List (see § 54.502(a)), available on the FCC's website at https://www.fcc.gov/cybersecurity-pilot/cybersecurity-pilot-eligible-services-list. The services and equipment in this subpart will be supported in addition to all reasonable charges that are incurred by taking such services, such as state and Federal taxes. Charges for termination liability, penalty surcharges, and other charges not included in the cost of taking such service shall not be covered by universal service support.

(b) Prohibition on resale. Eligible supported services and equipment shall not be sold, resold, or transferred in consideration of money or any other thing of value, until the conclusion of the Schools and Libraries Cybersecurity Pilot Program, as provided in § 54.2001.

(a) Selection window. The Wireline Competition Bureau shall announce the opening of the Pilot Participant Selection Application Window for applicants to submit a Schools and Libraries Pilot Participant Selection Application.

(b) Participant announcement. The Wireline Competition Bureau shall announce those eligible applicants who have been selected to participate in the Schools and Libraries Cybersecurity Pilot Program following the close of the Pilot Participant Selection Application Window.

(c) Filing the FCC Form 484 to be considered for selection in the Pilot Program. (1) Schools, libraries, or consortia of eligible schools and libraries to be considered for participation in the Schools and Libraries Cybersecurity Pilot Program shall submit the first part of an FCC Form 484 to the Administrator, via a portal established by the Administrator, that contains, at a minimum, the following information:

(i) Name, entity number, FCC registration number, employer identification number, addresses, and telephone number for each school, library, and consortium member that will participate in the proposed Pilot project, including the identity of the lead site for any proposals involving a consortium.

(ii) Contact information for the individual(s) who will be responsible for the management and operation of the proposed Pilot project, including name, title or position, telephone number, mailing address, and email address.

(iii) Applicant number(s) and entity type(s), including Tribal information, if applicable, and current E-Rate participation status and discount percentage, if applicable.

(iv) A broad description of the proposed Pilot project, including a description of the applicant's goals and objectives for the proposed Pilot project, a description of how Pilot funding will be used for the proposed project, and the cybersecurity risks the proposed Pilot project will prevent or address.

(v) The cybersecurity equipment and services the applicant plans to request as part of its proposed project, the ability of the project to be self-sustaining once established, and whether the applicant has a cybersecurity officer or other senior-level staff member designated to be the cybersecurity officer for its Pilot project.

(vi) Whether the applicant has previous experience implementing cybersecurity protections or measures, how many years of prior experience the applicant has, whether the applicant has experienced a cybersecurity incident within a year of the date of its application, and information about the applicant's participation or planned participation in cybersecurity collaboration and/or information-sharing groups.

(vii) Whether the applicant has implemented, or begun implementing, any U.S. Department of Education (Education Department) or Cybersecurity and Infrastructure Security Agency (CISA) best practices recommendations, a description of any Education Department or CISA free or low-cost cybersecurity resources that an applicant currently utilizes or plans to utilize, or an explanation of what is preventing an applicant from utilizing these available resources.

(viii) An estimate of the total costs for the proposed Pilot project, information about how the applicant will cover the non-discount share of costs for the Pilot-eligible services, and information about other cybersecurity funding the applicant receives, or expects to receive, from other Federal, state, local, or Tribal programs or sources.

(ix) Whether any of the ineligible services and equipment the applicant will purchase with its own resources to support the eligible cybersecurity equipment and services it plans to purchase with Pilot funding will have any ancillary capabilities that will allow it to capture data on cybersecurity threats and attacks, any free or low-cost cybersecurity resources that the applicant will require service providers to include in their bids, and whether the applicant will require its selected service provider(s) to capture and measure cost-effectiveness and cyber awareness/readiness data.

(x) A description of the applicant's proposed metrics for the Pilot project, how they align with the applicant's cybersecurity goals, how those metrics will be collected, and whether the applicant is prepared to share and report its cybersecurity metrics as part of the Pilot Program.

(2) The first part of the FCC Form 484 shall be signed by a person authorized to submit the application to participate in the Schools and Libraries Cybersecurity Pilot Program on behalf of the eligible school, library, or consortium including such entities. The person authorized to submit the first part of the FCC Form 484 application on behalf of the entities listed on an FCC Form 484 shall also certify under oath that:

(i) “I am authorized to submit this application on behalf of the above-named applicant and that based on information known to me or provided to me by employees responsible for the data being submitted, I hereby certify that the data set forth in this form has been examined and is true, accurate, and complete. I acknowledge that any false statement on this application or on any other documents submitted by this applicant can be punished by fine or forfeiture under the Communications Act (47 U.S.C. 502, 503(b)), or fine or imprisonment under Title 18 of the United States Code (18 U.S.C. 1001), or can lead to liability under the False Claims Act (31 U.S.C. 3729-3733).”

(ii) “In addition to the foregoing, this applicant is in compliance with the rules and orders governing the Schools and Libraries Cybersecurity Pilot Program, and I acknowledge that failure to be in compliance and remain in compliance with those rules and orders may result in the denial of funding, cancellation of funding commitments, and/or recoupment of past disbursements. I acknowledge that failure to comply with the rules and orders governing the Schools and Libraries Cybersecurity Pilot Program could result in civil or criminal prosecution by law enforcement authorities.”

(iii) “By signing this application, I certify that the information contained in this form is true, complete, and accurate, and the projected expenditures, disbursements, and cash receipts are for the purposes and objectives set forth in the terms and conditions of the Federal award. I am aware that any false, fictitious, or fraudulent information, or the omission of any material fact, may subject me to criminal, civil, or administrative penalties for fraud, false statements, false claims, or otherwise. (U.S. Code Title 18, §§ 1001, 286-287, and 1341, and Title 31, §§ 3729-3730 and 3801-3812).”

(iv) The applicant recognizes that it may be audited pursuant to its application, that it will retain for ten years any and all records related to its application, and that, if audited, it shall produce such records at the request of any representative (including any auditor) appointed by a state education department, the Administrator, the Commission and its Office of Inspector General, or any local, state, or Federal agency with jurisdiction over the entity.

(v) “I certify and acknowledge, under penalty of perjury, that if selected, the schools, libraries, and consortia in the application will comply with all applicable Schools and Libraries Cybersecurity Pilot Program rules, requirements, and procedures, including the competitive bidding rules and the requirement to pay the required share of the costs for the supported items from eligible sources.”

(vi) “I certify under penalty of perjury, to the best of my knowledge, that the schools, libraries, and consortia listed in the application are not already receiving or expecting to receive other funding (from any source, federal, state, Tribal, local, private, or other) that will pay for the same equipment and/or services, or the same portion of the equipment and/or services, for which I am seeking funding under the Schools and Libraries Cybersecurity Pilot Program.”

(vii) “I certify under penalty of perjury, to the best of my knowledge, that all requested equipment and services funded by the Schools and Libraries Cybersecurity Pilot Program will be used for their intended purposes.”

(d) Filing the FCC Form 484 once selected to be in the Pilot Program. (1) Schools, libraries, or consortia of eligible schools and libraries selected for participation in the Schools and Libraries Cybersecurity Pilot Program shall submit to the Administrator, via a portal established by the Administrator, a second part to the FCC Form 484 that contains, at a minimum, the following information, as applicable:

(i) Information about correcting known security flaws and conducting routine backups, developing and exercising a cyber incident response plan, and any cybersecurity changes or advancements the participant plans to make outside of the Pilot-funded services and equipment.

(ii) A description of the participant's current cybersecurity posture, including how the school or library is currently managing and addressing its current cybersecurity risks through prevention and mitigation tactics.

(iii) Information about a participant's planned use(s) for other Federal, state, or local cybersecurity funding (i.e., funding obtained outside of the Pilot).

(iv) Information about a participant's history of cybersecurity threats and attacks within a year of the date of its application; the date range of the incident, a description of the unauthorized access; a description of the impact to the school or library, a description of the vulnerabilities exploited and the techniques used to access the system, and identifying information for each actor responsible for the incident, if known.

(v) A description of the specific U.S. Department of Education or Cybersecurity and Infrastructure Security Agency best practices recommendations that the participant has implemented or begun to implement.

(vi) Information about a participant's current cybersecurity training policies and procedures, such as the frequency with which a participant trains its school and library staff and, separately, information about student cyber training sessions, and participation rates.

(vii) Information about any non-monetary or other challenges a participant may be facing in developing a more robust cybersecurity posture.

(2) The second part of the FCC Form 484 shall be signed by a person authorized to submit the second part as a participant in the Schools and Libraries Cybersecurity Pilot Program on behalf of the eligible school, library, or consortium including such entities. The person authorized to submit the second part of the FCC Form 484 application on behalf of the Pilot participants listed on an FCC Form 484 shall also certify under oath that:

(i) “I am authorized to submit this application on behalf of the above-named participant and that based on information known to me or provided to me by employees responsible for the data being submitted, I hereby certify that the data set forth in this form has been examined and is true, accurate, and complete. I acknowledge that any false statement on this application or on other documents submitted by this participant can be punished by fine or forfeiture under the Communications Act (47 U.S.C. 502, 503(b)), or fine or imprisonment under Title 18 of the United States Code (18 U.S.C. 1001), or can lead to liability under the False Claims Act (31 U.S.C. 3729-3733).”

(ii) “In addition to the foregoing, this participant is in compliance with the rules and orders governing the Schools and Libraries Cybersecurity Pilot Program, and I acknowledge that failure to be in compliance and remain in compliance with those rules and orders may result in the denial of funding, cancellation of funding commitments, and/or recoupment of past disbursements. I acknowledge that failure to comply with the rules and orders governing the Schools and Libraries Cybersecurity Pilot Program could result in civil or criminal prosecution by law enforcement authorities.”

(iii) “By signing this application, I certify that the information contained in this form is true, complete, and accurate, and the projected expenditures, disbursements, and cash receipts are for the purposes and objectives set forth in the terms and conditions of the Federal award. I am aware that any false, fictitious, or fraudulent information, or the omission of any material fact, may subject me to criminal, civil, or administrative penalties for fraud, false statements, false claims, or otherwise. (U.S. Code Title 18, §§ 1001, 286-287, and 1341, and Title 31, §§ 3729-3730 and 3801-3812).”

(iv) The participant recognizes that it may be audited pursuant to its application, that it will retain for ten years any and all records related to its application, and that, if audited, it shall produce such records at the request of any representative (including any auditor) appointed by a state education department, the Administrator, the Commission and its Office of Inspector General, or any local, state, or Federal agency with jurisdiction over the entity.

(v) “I certify and acknowledge, under penalty of perjury, that if selected, the schools, libraries, and consortia in the application will comply with all applicable Schools and Libraries Cybersecurity Pilot Program rules, requirements, and procedures, including the competitive bidding rules and the requirement to pay the required share of the costs for the supported items from eligible sources.”

(vi) “I certify under penalty of perjury, to the best of my knowledge, that the schools, libraries, and consortia listed in the application are not already receiving or expecting to receive other funding (from any source, federal, state, Tribal, local, private, or other) that will pay for the same equipment and/or services, or the same portion of the equipment and/or services, for which I am seeking funding under the Schools and Libraries Cybersecurity Pilot Program.”

(vii) “I certify under penalty of perjury, to the best of my knowledge, that all requested equipment and services funded by the Schools and Libraries Cybersecurity Pilot Program will be used for their intended purposes.”

(3) In order for a school, library, or consortia of eligible schools and libraries selected for participation in the Schools and Libraries Cybersecurity Pilot Program to retain its status as a Pilot participant and receive Pilot Program support, it will be required to submit the information required by the second part of the FCC Form 484 in the form specified by the Wireline Competition Bureau.

(4) The Wireline Competition Bureau may waive, reduce, modify, or eliminate from the second part of the FCC Form 484, information requirements that prove unnecessary for the sound and efficient administration of the Pilot.

(5) Failure to submit the information required by the second part of the FCC Form 484 may result in removal as a participant in the Pilot Program and/or a referral to the Enforcement Bureau.

(e) Data reporting requirements for participants. (1) In order for a Pilot participant to receive and continue receiving Pilot Program support and retain its status as a Pilot participant, it will be required to submit initial and annual reports, followed by a final report at the completion of the program with the information and in the form specified by the Wireline Competition Bureau.

(2) Prior to the start of the Pilot Program, the Wireline Competition Bureau shall announce the timing and form of the initial, annual, and final reports that Pilot participants must submit.

(3) The Wireline Competition Bureau may waive, reduce, modify, or eliminate Pilot participant reporting requirements that prove unnecessary and require additional reporting requirements that the Bureau deems necessary to the sound and efficient administration of the Pilot.

(4) Failure to submit initial, annual, and final reports may result in a referral to the Enforcement Bureau, a hold on future disbursements, recission of committed funds, and/or recovery of disbursed funds.

[89 FR 61315, July 30, 2024]

(a) Fair and open competitive bidding process. All participants in the Schools and Libraries Cybersecurity Pilot Program must conduct a fair and open competitive bidding process, consistent with all requirements set forth in this subpart.

Note to Paragraph (a): The following is an illustrative list of activities or behaviors that would not result in a fair and open competitive bidding process: the participant seeking supported services has a relationship with a service provider that would unfairly influence the outcome of a competition or would furnish the service provider with inside information; someone other than the participant or an authorized representative of the participant prepares, signs, and submits the FCC Form 470 and certification; a service provider representative is listed as the FCC Form 470 contact person and the participant allows that service provider to participate in the competitive bidding process; the service provider prepares the participant's FCC Form 470 or participates in the bid evaluation or vendor selection process in any way; the participant turns over to a service provider the responsibility for ensuring a fair and open competitive bidding process; a participant employee with a role in the service provider selection process also has an ownership interest in the service provider seeking to participate in the competitive bidding process; and the participant's FCC Form 470 does not describe the supported services with sufficient specificity to enable interested service providers to submit responsive bids.

(b) Competitive bid requirements. All participants in the Schools and Libraries Cybersecurity Pilot Program shall seek competitive bids, pursuant to the requirements established in this subpart, for all services and equipment eligible for support under § 54.2003, except as provided in paragraph (f) of this section. These competitive bidding requirements apply in addition to any applicable state, Tribal, and local competitive bidding requirements and are not intended to preempt such state, Tribal, or local requirements.

(c) Posting of FCC Form 470. (1) Participants in the Schools and Libraries Cybersecurity Pilot Program shall submit a completed FCC Form 470 to the Administrator to initiate the competitive bidding process. The FCC Form 470 shall include, at a minimum, the following information:

(i) A list of specified services and/or equipment for which the school, library, or consortium requests bids; and

(ii) Sufficient information to enable bidders to reasonably determine the needs of the applicant.

(2) The FCC Form 470 shall be signed by a person authorized to request bids for eligible services and equipment for the eligible school, library, or consortium, including such entities, and shall include that person's certification under penalty of perjury that:

(i) “I am authorized to submit this application on behalf of the above-named participant in the Schools and Libraries Cybersecurity Pilot Program and that based on information known to me or provided to me by employees responsible for the data being submitted, I hereby certify that the data set forth in this form has been examined and is true, accurate, and complete. I acknowledge that any false statement on this application or on other documents submitted by this participant can be punished by fine or forfeiture under the Communications Act (47 U.S.C. 502, 503(b)), or fine or imprisonment under Title 18 of the United States Code (18 U.S.C. 1001), or can lead to liability under the False Claims Act (31 U.S.C. 3729-3733).”

(ii) “In addition to the foregoing, this participant is in compliance with the rules and orders governing the Schools and Libraries Cybersecurity Pilot Program, and I acknowledge that failure to be in compliance and remain in compliance with those rules and orders may result in the denial of funding, cancellation of funding commitments, and/or recoupment of past disbursements. I acknowledge that failure to comply with the rules and orders governing the Schools and Libraries Cybersecurity Pilot Program could result in civil or criminal prosecution by law enforcement authorities.”

(iii) “By signing this application, I certify that the information contained in this form is true, complete, and accurate. I am aware that any false, fictitious, or fraudulent information, or the omission of any material fact, may subject me to criminal, civil, or administrative penalties for fraud, false statements, false claims, or otherwise. (U.S. Code Title 18, §§ 1001, 286-287, and 1341, and Title 31, §§ 3729-3730 and 3801-3812).”

(iv) The schools meet the definition of “elementary school” or “secondary school”, as defined in § 54.2000, do not operate as for-profit businesses, and do not have endowments exceeding $50,000,000.

(v) Libraries or library consortia eligible for assistance from a State library administrative agency under the Library Services and Technology Act of 1996 do not operate as for-profit businesses and, except for the limited case of Tribal college or university libraries, have budgets that are completely separate from any school (including, but not limited to, elementary and secondary schools, colleges, and universities).

(vi) The services and/or equipment that the school, library, or consortium purchases at discounts will not be sold, resold, or transferred in consideration for money or any other thing of value, except as allowed by § 54.2003(b).

(vii) The school(s) and/or library(ies) listed on this FCC Form 470 will not accept anything of value, other than services and equipment sought by means of this form, from the service provider, or any representatives or agent thereof, or any consultant in connection with this request for services.

(viii) All bids submitted for eligible equipment and services will be carefully considered, with price being the primary factor, and the bid selected will be for the most cost-effective service offering consistent with paragraph (e) of this section.

(ix) The school, library, or consortium acknowledges that support under the Schools and Libraries Cybersecurity Pilot Program is conditional upon the school(s) and/or library(ies) securing access, separately or through this program, to all of the resources necessary to effectively use the requested equipment and services. The school, library, or consortium recognizes that some of the aforementioned resources are not eligible for support and certifies that it has considered what financial resources should be available to cover these costs.

(x) “I will retain required documents for a period of at least 10 years (or whatever retention period is required by the rules in effect at the time of this certification) after the later of the last day of the applicable Pilot Program year or the service delivery deadline for the associated funding request. I also certify that I will retain all documents necessary to demonstrate compliance with the statute (47 U.S.C. 254) and Commission rules regarding the form for, receipt of, and delivery of equipment and services receiving Schools and Libraries Cybersecurity Pilot Program discounts. I acknowledge that I may be audited pursuant to participation in the Pilot Program.”

(xi) “I certify that the equipment and services that the participant purchases at discounts will be used primarily for educational purposes and will not be sold, resold, or transferred in consideration for money or any other thing of value, except as permitted by the Commission's rules at 47 CFR 54.2003(b). Additionally, I certify that the entity or entities listed on this form will not accept anything of value or a promise of anything of value, other than services and equipment sought by means of this form, from the service provider, or any representative or agent thereof, or any consultant in connection with this request for services.”

(xii) “I acknowledge that support under this Pilot Program is conditional upon the school(s) and/or library(ies) I represent securing access, separately or through this program, to all of the resources necessary to effectively use the requested equipment and services. I recognize that some of the aforementioned resources are not eligible for support. I certify that I have considered what financial resources should be available to cover these costs.”

(xiii) “I certify that I have reviewed all applicable Commission, state, Tribal, and local procurement/competitive bidding requirements and that the participant will comply with all applicable requirements.”

(3) The Administrator shall post each FCC Form 470 that it receives from a participant in the Schools and Libraries Cybersecurity Pilot Program on its website designated for this purpose.

(4) After posting on the Administrator's website an FCC Form 470, the Administrator shall send confirmation of the posting to the participant requesting services and/or equipment. The participant shall then wait at least 28 days from the date on which its description of services and/or equipment is posted on the Administrator's website before making any commitments with the selected providers of services and/or equipment. The confirmation from the Administrator shall include the date after which the participant may sign a contract with its chosen provider(s).

(d) Gift restrictions. (1) Subject to paragraphs (d)(3) and (4) of this section, a participant in the Schools and Libraries Cybersecurity Pilot Program may not directly or indirectly solicit or accept any gift, gratuity, favor, entertainment, loan, or any other thing of value from a service provider participating in or seeking to participate in the Schools and Libraries Cybersecurity Pilot Program. No such service provider shall offer or provide any such gift, gratuity, favor, entertainment, loan, or other thing of value except as otherwise provided in this paragraph (d). Modest refreshments not offered as part of a meal, items with little intrinsic value intended solely for presentation, and items worth $20 or less, including meals, may be offered or provided, and accepted by any individuals or entities subject to this subpart, if the value of these items received by any individual does not exceed $50 from any one service provider per year. The $50 amount for any service provider shall be calculated as the aggregate value of all gifts provided during a year by the individuals specified in paragraph (d)(2)(ii) of this section.

(2) For purposes of this paragraph (d):

(i) The term “participant in the Schools and Libraries Cybersecurity Pilot Program” includes all individuals who are on the governing boards of such entities (such as members of a school committee), and all employees, officers, representatives, agents, consultants, or independent contractors of such entities involved on behalf of such school, library, or consortium with the Schools and Libraries Cybersecurity Pilot Program, including individuals who prepare, approve, sign, or submit applications, or other forms related to the Schools and Libraries Cybersecurity Pilot Program, or who prepare bids, communicate, or work with Schools and Libraries Cybersecurity Pilot Program service providers, Schools and Libraries Cybersecurity Pilot Program consultants, or with the Administrator, as well as any staff of such entities responsible for monitoring compliance with the Schools and Libraries Cybersecurity Pilot Program; and

(ii) The term “service provider” includes all individuals who are on the governing boards of such an entity (such as members of the board of directors), and all employees, officers, representatives, agents, consultants, or independent contractors of such entities.

(3) The restrictions set forth in this paragraph (d) shall not be applicable to the provision of any gift, gratuity, favor, entertainment, loan, or any other thing of value, to the extent given to a family member or a friend working for an eligible school, library, or consortium that includes an eligible school or library, provided that such transactions:

(i) Are motivated solely by a personal relationship;

(ii) Are not rooted in any service provider business activities or any other business relationship with any such participant in the Schools and Libraries Cybersecurity Pilot Program; and

(iii) Are provided using only the donor's personal funds that will not be reimbursed through any employment or business relationship.

(4) Any service provider may make charitable donations to a participant in the Schools and Libraries Cybersecurity Pilot Program in the support of its programs as long as such contributions are not directly or indirectly related to Schools and Libraries Cybersecurity Pilot Program procurement activities or decisions and are not given by service providers to circumvent competitive bidding and other Schools and Libraries Cybersecurity Pilot Program rules in this subpart.

(e) Selecting a provider of eligible services and/or equipment. In selecting a provider of eligible services and equipment, participants in the Schools and Libraries Cybersecurity Pilot Program shall carefully consider all bids submitted and must select the most cost-effective service and equipment offerings. In determining which service and equipment offering is the most cost-effective, entities may consider relevant factors other than the pre-discount prices submitted by providers, but price must be the primary factor considered.

(f) Exemption to competitive bidding requirements. Participants in the Schools and Libraries Cybersecurity Pilot Program are not required to file an FCC Form 470 when seeking support for services and equipment purchased from Master Service Agreements negotiated by Federal, state, Tribal, or local governmental entities on behalf of such Pilot participants, if such Master Service Agreements were awarded pursuant to the E-Rate program FCC Form 470 process, as well as applicable Federal, state, Tribal, or local competitive bidding requirements.

[89 FR 61315, July 30, 2024]

(a) Filing of the FCC Form 471. (1) A participant in the Schools and Libraries Cybersecurity Pilot Program shall, upon entering into a signed contract or other legally binding agreement for eligible services and/or equipment, submit a completed FCC Form 471 to the Administrator.

(2) The FCC Form 471 shall be signed by the person authorized to order eligible services or equipment for the participant in the Schools and Libraries Cybersecurity Pilot Program and shall include that person's certification under penalty of perjury that:

(i) “I am authorized to submit this application on behalf of the above-named participant and that based on information known to me or provided to me by employees responsible for the data being submitted, I hereby certify that the data set forth in this application has been examined and is true, accurate, and complete. I acknowledge that any false statement on this application or on any other documents submitted by this participant can be punished by fine or forfeiture under the Communications Act (47 U.S.C. 502, 503(b)), or fine or imprisonment under Title 18 of the United States Code (18 U.S.C. 1001), or can lead to liability under the False Claims Act (31 U.S.C. 3729-3733).”

(ii) “In addition to the foregoing, this participant is in compliance with the rules and orders governing the Schools and Libraries Cybersecurity Pilot Program, and I acknowledge that failure to be in compliance and remain in compliance with those rules and orders may result in the denial of funding, cancellation of funding commitments, and/or recoupment of past disbursements. I acknowledge that failure to comply with the rules and orders governing the Schools and Libraries Cybersecurity Pilot Program could result in civil or criminal prosecution by law enforcement authorities.”

(iii) “By signing this application, I certify that the information contained in this application is true, complete, and accurate, and the projected expenditures, disbursements, and cash receipts are for the purposes and objectives set forth in the terms and conditions of the Federal award. I am aware that any false, fictitious, or fraudulent information, or the omission of any material fact, may subject me to criminal, civil, or administrative penalties for fraud, false statements, false claims, or otherwise. (U.S. Code Title 18, §§ 1001, 286-287, and 1341, and Title 31, §§ 3729-3730 and 3801-3812).”

(iv) The school meets the definition of “elementary school” or “secondary school”, as defined in § 54.2000, does not operate as a for-profit business, and does not have endowments exceeding $50,000,000.

(v) The library or library consortia is eligible for assistance from a State library administrative agency under the Library Services and Technology Act, does not operate as a for-profit business and, except for the limited case of Tribal college and university libraries, have budgets that are completely separate from any school (including, but not limited to, elementary and secondary schools, colleges, and universities).

(vi) The school, library, or consortium listed on the FCC Form 471 application will pay the non-discount portion of the costs of the eligible services and/or equipment to the service provider(s).

(vii) The school, library, or consortium listed on the FCC Form 471 application has conducted a fair and open competitive bidding process and has complied with all applicable state, Tribal, or local laws regarding procurement of the equipment and services for which support is being sought.

(viii) An FCC Form 470 was posted and that any related request for proposals (RFP) was made available for at least 28 days before considering all bids received and selecting a service provider. The school, library, or consortium listed on the FCC Form 471 application carefully considered all bids submitted and selected the most-cost-effective bid for services and equipment in accordance with § 54.2005(e), with price being the primary factor considered.

(ix) The school, library, or consortium listed on the FCC Form 471 application is only seeking support for eligible services and/or equipment.

(x) The school, library, or consortia is not seeking Schools and Libraries Cybersecurity Pilot Program support or reimbursement for the portion of eligible services and/or equipment that have been purchased and reimbursed in full or in part with other Federal, state, Tribal, or local funding, or are eligible for discounts from the schools and libraries universal service support mechanism or another universal service support mechanism.

(xi) The services and equipment the school, library, or consortium purchases using Schools and Libraries Cybersecurity Pilot Program support will be used primarily for educational purposes and will not be sold, resold, or transferred in consideration for money or any other thing of value, except as allowed by § 54.2003(b).

(xii) The school, library, or consortium will create and maintain an equipment and service inventory as required by § 54.2010(a).

(xiii) The school, library, or consortium has complied with all program rules in this chapter and acknowledges that failure to do so may result in denial of funding and/or recovery of funding.

(xiv) The school, library, or consortium acknowledges that it may be audited pursuant to its application, that it will retain for ten years any and all records related to its application, and that, if audited, it shall produce such records at the request of any representative (including any auditor) appointed by a state education department, the Administrator, the Commission and its Office of Inspector General, or any local, state, or Federal agency with jurisdiction over the entity.

(xv) No kickbacks, as defined in 41 U.S.C. 8701, were paid to or received by the participant, including, but not limited to, their employees, officers, representatives, agents, independent contractors, consultants, family members, and individuals who are on the governing boards, from anyone in connection with the Schools and Libraries Cybersecurity Pilot Program or the schools and libraries universal service support mechanism.

(xvi) The school, library, or consortium acknowledges that Commission rules in this chapter provide that persons who have been convicted of criminal violations or held civilly liable for certain acts arising from their participation in the universal service support mechanisms are subject to suspension and debarment from the program. The school, library, or consortium will institute reasonable measures to be informed, and will notify the Administrator should it be informed or become aware that any of the entities listed on this application, or any person associated in any way with this entity and/or the entities listed on this application, is convicted of a criminal violation or held civilly liable for acts arising from their participation in the universal service support mechanisms.

(b) Service or equipment substitution. (1) A request by a Schools and Libraries Cybersecurity Pilot Program participant to substitute a service or piece of equipment for one identified in its FCC Form 471 must be in writing and certified under penalty of perjury by an authorized person.

(2) The Administrator shall approve such written request where:

(i) The service or equipment has the same functionality;

(ii) The substitution does not violate any contract provisions or state, Tribal, or local procurement laws; and

(iii) The Schools and Libraries Cybersecurity Pilot Program participant certifies that the requested change is within the scope of the controlling FCC Form 470.

(3) In the event that a service or equipment substitution results in a change in the pre-discount price for the supported service or equipment, support shall be based on the lower of either the pre-discount price of the service or equipment for which support was originally requested or the pre-discount price of the new, substituted service or equipment after the Administrator has approved a written request for the substitution.

(c) Mixed eligibility services and equipment. A request for discounts for services or equipment that includes both eligible and ineligible components must remove the cost of the ineligible components of the service or equipment from the request for funding submitted to the Administrator.

(d) Application filing window. The Wireline Competition Bureau will announce the opening of the Pilot Participant Selection Application Window for participants to submit FCC Form 471 applications. The filing period shall begin and conclude on dates to the determined by the Wireline Competition Bureau. The Wireline Competition Bureau may implement additional filing periods as it deems necessary.

[89 FR 61315, July 30, 2024]

(a) Discount mechanism. Discounts for participants in the Schools and Libraries Cybersecurity Pilot Program shall be set as a percentage discount from the pre-discount price.

(b) Discount percentages. The discounts available to participants in the Schools and Libraries Cybersecurity Pilot Program shall range from 20 percent to 90 percent of the pre-discount price for all eligible services provided by eligible providers. The discounts available shall be determined by indicators of poverty and urban/rurality designation.

(1) For schools and school districts, the level of poverty shall be based on the percentage of the student enrollment that is eligible for a free or reduced price lunch under the National School Lunch Program (NSLP) or a federally-approved alternative mechanism. School districts shall divide the total number of students eligible for the NSLP within the school district by the total number of students within the school district to arrive at a percentage of students eligible. This percentage rate shall then be applied to the discount matrix to set a discount rate for the supported services purchased by all schools within the school district. Independent charter schools, private schools, and other eligible educational facilities should calculate a single discount percentage rate based on the total number of students under the control of the central administrative agency.

(2) For libraries and library consortia, the level of poverty shall be based on the percentage of the student enrollment that is eligible for a free or reduced price lunch under the NSLP or a federally-approved alternative mechanism in the public school district in which they are located and should use that school district's level of poverty to determine their discount rate when applying as a library system or as an individual library outlet within that system. When a library system has branches or outlets in more than one public school district, that library system and all library outlets within that system should use the address of the central outlet or main administrative office to determine which school district the library system is in, and should use that school district's level of poverty to determine its discount rate when applying as a library system or as one or more library outlets. If the library is not in a school district, then its level of poverty shall be based on an average of the percentage of students eligible for the NSLP in each of the school districts that children living in the library's location attend.

(3) The Administrator shall classify schools and libraries as “urban” or “rural” according to the following designations. The Administrator shall designate a school or library as “urban” if the school or library is located in an urbanized area or urban cluster area with a population equal to or greater than 25,000, as determined by the most recent rural-urban classification by the Bureau of the Census. The Administrator shall designate all other schools and libraries as “rural.”

(4) Participants in the Schools and Libraries Cybersecurity Pilot Program shall calculate discounts on supported services described in § 54.2003 that are shared by two or more of their schools, libraries, or consortia members by calculating an average discount based on the applicable district-wide discounts of all member schools and libraries. School districts, library systems, or other billed entities shall ensure that, for each year in which an eligible school or library is included for purposes of calculating the aggregate discount rate, that eligible school or library shall receive a proportionate share of the shared services for which support is sought. For schools, the discount shall be a simple average of the applicable district-wide percentage for all schools sharing a portion of the shared services. For libraries, the average discount shall be a simple average of the applicable discounts to which the libraries sharing a portion of the shared services are entitled.

(c) Discount matrix. The Administrator shall use the following matrix to set the discount rate to be applied to eligible services purchased by participants in the Schools and Libraries Cybersecurity Pilot Program based on the participant's level of poverty and location in an “urban” or “rural” area.

(d) Payment for the non-discount portion of supported services and equipment. A participant in the Schools and Libraries Cybersecurity Pilot Program must pay the non-discount portion of costs for the services or equipment purchased with universal service discounts, and may not receive rebates for services or equipment purchased with universal service discounts. For the purpose of this subpart, the provision, by the provider of a supported service or equipment, of free services or equipment unrelated to the supported service or equipment constitutes a rebate of the non-discount portion of the costs for the supported services and equipment.

(a) Submission of request for reimbursement (FCC Form 472 or FCC Form 474). Consistent with the invoicing selection made by the Pilot participant, reimbursement for the costs associated with eligible services and equipment shall be provided directly to the participant, or its service provider(s), seeking reimbursement from the Schools and Libraries Cybersecurity Pilot Program upon submission and approval of a completed FCC Form 472 (Billed Entity Applicant Reimbursement Form) or a completed FCC Form 474 (Service Provider Invoice) to the Administrator.

(1) The FCC Form 472 shall be signed by the person authorized to submit requests for reimbursement for the eligible school, library, or consortium and shall include that person's certification under penalty of perjury that:

(i) “I am authorized to submit this request for reimbursement on behalf of the above-named school, library, or consortium and that based on information known to me or provided to me by employees responsible for the data being submitted, I hereby certify that the data set forth in this request for reimbursement has been examined and is true, accurate, and complete. I acknowledge that any false statement on this request for reimbursement or on other documents submitted by this school, library, or consortium can be punished by fine or forfeiture under the Communications Act (47 U.S.C. 502, 503(b)), or fine or imprisonment under Title 18 of the United States Code (18 U.S.C. 1001), or can lead to liability under the False Claims Act (31 U.S.C. 3729-3733).”

(ii) “In addition to the foregoing, the school, library, or consortium is in compliance with the rules and orders governing the Schools and Libraries Cybersecurity Pilot Program, and I acknowledge that failure to be in compliance and remain in compliance with those rules and orders may result in the denial of funding, cancellation of funding commitments, and/or recoupment of past disbursements. I acknowledge that failure to comply with the rules and orders governing the Schools and Libraries Cybersecurity Pilot Program could result in civil or criminal prosecution by law enforcement authorities.”

(iii) “By signing this request for reimbursement, I certify that the information contained in this request for reimbursement is true, complete, and accurate, and the expenditures, disbursements, and cash receipts are for the purposes and objectives set forth in the terms and conditions of the federal award. I am aware that any false, fictitious, or fraudulent information, or the omission of any material fact, may subject me to criminal, civil, or administrative penalties for fraud, false statements, false claims, or otherwise. (U.S. Code Title 18, sections §§ 1001, 286-287, and 1341, and Title 31, §§ 3729-3730 and 3801-3812).”

(iv) The funds sought in the request for reimbursement are for eligible services and/or equipment that were purchased in accordance with the Schools and Libraries Cybersecurity Pilot Program rules and requirements in this subpart and received by the school, library, or consortium. The equipment and/or services being requested for reimbursement were determined to be eligible and approved by the Administrator.

(v) The non-discounted share of costs amount(s) were billed by the Service Provider and paid in full by the Billed Entity Applicant on behalf of the eligible schools, libraries, and consortia of those entities.

(vi) The school, library, or consortium is not seeking Schools and Libraries Cybersecurity Pilot Program reimbursement for the portion of eligible services and/or equipment that have been purchased and reimbursed in full or in part with other Federal, state, Tribal, or local funding or are eligible for discounts from the schools and libraries universal service support mechanism or other universal service support mechanisms.

(vii) The school, library, or consortium acknowledges that it must submit invoices detailing the items purchased and received along with the submission of its request for reimbursement as required by paragraph (b) of this section.

(viii) The equipment and/or services the school, library, or consortium purchased will not be sold, resold, or transferred in consideration for money or any other thing of value, except as allowed by § 54.2003(b).

(ix) The school, library, or consortium acknowledges that it may be subject to an audit, inspection, or investigation pursuant to its request for reimbursement, that it will retain for ten years any and all records related to its request for reimbursement, and will make such records and equipment purchased with Schools and Libraries Cybersecurity Pilot Program reimbursement available at the request of any representative (including any auditor) appointed by a state education department, the Administrator, the Commission and its Office of Inspector General, or any local, state, or Federal agency with jurisdiction over the entity.

(x) No kickbacks, as defined in 41 U.S.C. 8701, were paid to or received by the participant, including, but not limited to, their employees, officers, representatives, agents, independent contractors, consultants, family members, and individuals who are on the governing boards, from anyone in connection with the Schools and Libraries Cybersecurity Pilot Program or the schools and libraries universal service support mechanism.

(xi) The school, library, or consortium acknowledges that Commission rules provide that persons who have been convicted of criminal violations or held civilly liable for certain acts arising from their participation in the universal service support mechanisms are subject to suspension and debarment from the program. The school, library, or consortium will institute reasonable measures to be informed, and will notify the Administrator should it be informed or become aware that any of the entities listed on this application, or any person associated in any way with this entity and/or the entities listed on this application, is convicted of a criminal violation or held civilly liable for acts arising from their participation in the universal service support mechanisms.

(xii) No universal service support has been or will be used to purchase, obtain, maintain, improve, modify, or otherwise support any equipment or services produced or provided by any company designated by the Commission as posing a national security threat to the integrity of communications networks or the communications supply chain since the effective date of the designations.

(xiii) No Federal subsidy made available through a program administered by the Commission that provides funds to be used for the capital expenditures necessary for the provision of advanced communications services has been or will be used to purchase, rent, lease, or otherwise obtain, any covered communications equipment or service, or maintain, any covered communications equipment or service, or maintain any covered communications equipment or service previously purchased, rented, leased, or otherwise obtained, as required by § 54.10.

(2) The FCC Form 474 shall be signed by the person authorized to submit requests for reimbursement for the service provider and shall include that person's certification under penalty of perjury that:

(i) “I am authorized to submit this request for reimbursement on behalf of the above-named Service Provider and that based on information known to me or provided to me by employees responsible for the data being submitted, I hereby certify that the data set forth in this request for reimbursement has been examined and is true, accurate, and complete. I acknowledge that any false statement on this request for reimbursement or on other documents submitted by this Service Provider can be punished by fine or forfeiture under the Communications Act (47 U.S.C. 502, 503(b)), or fine or imprisonment under Title 18 of the United States Code (18 U.S.C. 1001), or can lead to liability under the False Claims Act (31 U.S.C. 3729-3733).”

(ii) “In addition to the foregoing, the Service Provider is in compliance with the rules and orders governing the Schools and Libraries Cybersecurity Pilot Program, and I acknowledge that failure to be in compliance and remain in compliance with those rules and orders may result in the denial of funding, cancellation of funding commitments, and/or recoupment of past disbursements. I acknowledge that failure to comply with the rules and orders governing the Schools and Libraries Cybersecurity Pilot Program could result in civil or criminal prosecution by law enforcement authorities.”

(iii) “By signing this request for reimbursement, I certify that the information contained in this request for reimbursement is true, complete, and accurate, and the expenditures, disbursements, and cash receipts are for the purposes and objectives set forth in the terms and conditions of the federal award. I am aware that any false, fictitious, or fraudulent information, or the omission of any material fact, may subject me to criminal, civil, or administrative penalties for fraud, false statements, false claims, or otherwise. (U.S. Code Title 18, §§ 1001, 286-287, and 1341, and Title 31, §§ 3729-3730 and 3801-3812).”

(iv) The funds sought in the request for reimbursement are for eligible services and/or equipment that were purchased in accordance with the Schools and Libraries Cybersecurity Pilot Program rules and requirements in this subpart and received by the school, library, or consortium.

(v) The Service Provider is not seeking Schools and Libraries Cybersecurity Pilot Program reimbursement for eligible equipment and/or services for which the Service Provider has already been paid.

(vi) The Service Provider certifies that the school's, library's, or consortium's non-discount portion of costs for the eligible equipment and services has not been waived, paid, or promised to be paid by this Service Provider. The Service Provider acknowledges that the provision of a supported service or free services or equipment unrelated to the supported equipment or services constitutes a rebate of the non-discount portion of the costs as stated in § 54.2007(d).

(vii) The Service Provider acknowledges that it must submit invoices detailing the items purchased and provided to the school, library, or consortium, along with the submission of its request for reimbursement as required by paragraph (b) of this section.

(viii) The Service Provider certifies that it is compliant with the Commission's rules and orders regarding gifts and this Service Provider has not directly or indirectly offered or provided any gifts, gratuities, favors, entertainment, loans, or any other thing of value to any eligible school, library, or consortium, except as provided for in this subpart.

(ix) The Service Provider acknowledges that it may be subject to an audit, inspection, or investigation pursuant to its request for reimbursement, that it will retain for ten years any and all records related to its request for reimbursement, and will make such records and equipment purchased with Schools and Libraries Cybersecurity Pilot Program reimbursement available at the request of any representative (including any auditor) appointed by a state education department, the Administrator, the Commission and its Office of Inspector General, or any local, state, or Federal agency with jurisdiction over the entity.

(x) No kickbacks, as defined in 41 U.S.C. 8701, were paid by the Service Provider to anyone in connection with the Schools and Libraries Cybersecurity Pilot Program or the schools and libraries universal service support mechanism.

(xi) The Service Provider is not debarred or suspended from any Federal programs, including the universal service support mechanisms.

(xii) No universal service support has been or will be used to purchase, obtain, maintain, improve, modify, or otherwise support any equipment or services produced or provided by any company designated by the Commission as posing a national security threat to the integrity of communications networks or the communications supply chain since the effective date of the designations.

(xiii) No Federal subsidy made available through a program administered by the Commission that provides funds to be used for the capital expenditures necessary for the provision of advanced communications services has been or will be used to purchase, rent, lease, or otherwise obtain, any covered communications equipment or service, or maintain any covered communications equipment or service, or maintain any covered communications equipment or service previously purchased, rented, leased, or otherwise obtained, as required by § 54.10.

(b) Required documentation. Along with the submission of a completed FCC Form 472 or FCC Form 474, a participant or service provider seeking reimbursement from the Schools and Libraries Cybersecurity Pilot Program must submit invoices detailing the items purchased and received to the Administrator at the time the FCC Form 472 or FCC Form 474 is submitted.

(c) Reimbursement and invoice processing. The Administrator shall accept and review requests for reimbursement and invoices subject to the invoice filing deadlines provided in paragraph (d) of this section.

(d) Invoice filing deadline. Invoices must be submitted to the Administrator within ninety (90) days after the last date to receive service, in accordance with § 54.2001(c).

(e) Invoice deadline extensions. In advance of the deadline calculated pursuant to paragraph (d) of this section, billed entities or service providers may request a one-time extension of the invoice filing deadline. The Administrator shall grant a ninety (90) day extension of the invoice filing deadline, if the request is timely filed.

(f) Choice of payment method. Service providers providing discounted services under this subpart shall, prior to the submission of the FCC Form 471, permit the Schools and Libraries Cybersecurity Pilot Program participant to choose the method of payment for the discounted services from those methods offered by the Administrator, including making a full undiscounted payment and receiving subsequent reimbursement of the discount amount from the Administrator.

[89 FR 61321, July 30, 2024]

(a) Audits. Schools and Libraries Cybersecurity Pilot Program participants and service providers shall be subject to audits and other investigations to evaluate their compliance with the statutory and regulatory requirements in this chapter of the Schools and Libraries Cybersecurity Pilot Program, including those requirements pertaining to what services and equipment are purchased, what services and equipment are delivered, and how services and equipment are being used.

(b) Inspections and investigations. Schools and Libraries Cybersecurity Pilot Program participants and service providers shall permit any representative (including any auditor) appointed by a state education department, the Administrator, the Commission, its Office of Inspector General, or any local, state, or Federal agency with jurisdiction over the entity to enter their premises to conduct inspections for compliance with the statutory and regulatory requirements in this subpart of the Schools and Libraries Cybersecurity Pilot Program.

(a) Recordkeeping requirements. All Schools and Libraries Cybersecurity Pilot Program participants and service providers shall retain all documents related to their participation in the program sufficient to demonstrate compliance with all program rules for at least ten years from the last date of service or delivery of equipment. All Schools and Libraries Cybersecurity Pilot Program applicants shall maintain asset and inventory records of services and equipment purchased sufficient to verify the actual location of such services and equipment for a period of ten years after purchase.

(b) Production of records. All Schools and Libraries Cybersecurity Pilot Program participants and service providers shall produce such records upon request of any representative (including any auditor) appointed by a state education department, the Administrator, the Commission, its Office of Inspector General, or any local, state, or Federal agency with jurisdiction over the entity.

(a) The Universal Service Administrative Company is appointed the Administrator of the Schools and Libraries Cybersecurity Pilot Program and shall be responsible for administering the Schools and Libraries Cybersecurity Pilot Program.

(b) The Administrator shall be responsible for reviewing applications for funding, recommending funding commitments, issuing funding commitment decision letters, reviewing invoices and recommending payment of funds, as well as other administration-related duties.

(c) The Administrator may not make policy, interpret unclear provisions of statutes or rules, or interpret the intent of Congress. Where statutes or the Commission's rules in this subpart are unclear, or do not address a particular situation, the Administrator shall seek guidance from the Commission.

(d) The Administrator may advocate positions before the Commission and its staff only on administrative matters relating to the Schools and Libraries Cybersecurity Pilot Program.

(e) The Administrator shall create and maintain a website, as defined in § 54.5, on which applications for services will be posted on behalf of schools and libraries.

(f) The Administrator shall provide the Commission full access to the data collected pursuant to the administration of the Schools and Libraries Cybersecurity Pilot Program.

(g) The Administrator shall provide performance measurements pertaining to the Schools and Libraries Cybersecurity Pilot Program as requested by the Commission by order or otherwise.

(h) The Administrator shall have the authority to audit all entities reporting data to the Administrator regarding the Schools and Libraries Cybersecurity Pilot Program. When the Commission, the Administrator, or any independent auditor hired by the Commission or the Administrator conducts audits of the participants of the Schools and Libraries Cybersecurity Pilot Program, such audits shall be conducted in accordance with generally accepted government auditing standards.

(i) The Administrator shall establish procedures to verify support amounts provided by the Schools and Libraries Cybersecurity Pilot Program and may suspend or delay support amounts if a party fails to provide adequate verification of the support amounts provided upon reasonable request from the Administrator or the Commission.

(j) The Administrator shall make available to whomever the Commission directs, free of charge, any and all intellectual property, including, but not limited to, all records and information generated by or resulting from its role in administering the support mechanisms, if its participation in administering the Schools and Libraries Cybersecurity Pilot Program ends. If its participation in administering the Schools and Libraries Cybersecurity Pilot Program ends, the Administrator shall be subject to close-out audits at the end of its term.

(a) Parties permitted to seek review of Administrator decision. (1) Any party aggrieved by an action taken by the Administrator must first seek review from the Administrator.

(2) Any party aggrieved by an action taken by the Administrator under paragraph (a)(1) of this section may seek review from the Commission as set forth in paragraph (b) of this section.

(3) Parties seeking waivers of the Commission's rules in this subpart shall seek relief directly from the Commission and need not first file an action for review from the Administrator under paragraph (a)(1) of this section.

(b) Filing deadlines. (1) An affected party requesting review of a decision by the Administrator pursuant to paragraph (a)(1) of this section shall file such a request within thirty (30) days from the date the Administrator issues a decision.

(2) An affected party requesting review by the Commission pursuant to paragraph (a)(2) of this section of a decision by the Administrator under paragraph (a)(1) of this section shall file such a request with the Commission within thirty (30) days from the date of the Administrator's decision. Further, any party seeking a waiver of the Commission's rules under paragraph (a)(3) of this section shall file a request for such waiver within thirty (30) days from the date of the Administrator's initial decision, or, if an appeal is filed under paragraph (a)(1) of this section, within thirty days from the date of the Administrator's decision resolving such an appeal.

(3) Parties shall adhere to the time periods for filing oppositions and replies set forth in § 1.45 of this chapter.

(c) General filing requirements. (1) Except as otherwise provided in this section, a request for review of an Administrator decision by the Commission shall be filed with the Commission's Office of the Secretary in accordance with the general requirements set forth in part 1 of this chapter. The request for review shall be captioned “In the Matter of Request for Review by (name of party seeking review) of Decision of Universal Service Administrator” and shall reference the applicable docket numbers.

(2) A request for review pursuant to paragraphs (a)(1) through (3) of this section shall contain:

(i) A statement setting forth the party's interest in the matter presented for review;

(ii) A full statement of relevant, material facts with supporting affidavits and documentation;

(iii) The question presented for review, with reference, where appropriate, to the relevant Commission rule, Commission order, or statutory provision; and;

(iv) A statement of the relief sought and the relevant statutory or regulatory provision pursuant to which such relief is sought.

(3) A copy of a request for review that is submitted to the Commission shall be served on the Administrator consistent with the requirement for service of documents set forth in § 1.47 of this chapter.

(4) If a request for review filed pursuant to paragraphs (a)(1) through (3) of this section alleges prohibitive conduct on the part of a third party, such request for review shall be served on the third party consistent with the requirement for service of documents set forth in § 1.47 of this chapter. The third party may file a response to the request for review. Any response filed by the third party shall adhere to the time period for filing replies set forth in § 1.45 of this chapter and the requirement for service of documents set forth in § 1.47 of this chapter.

(d) Review by the Wireline Competition Bureau or the Commission. (1) Requests for review of Administrator decisions that are submitted to the Commission shall be considered and acted upon by the Wireline Competition Bureau; provided, however, that requests for review that raise novel questions of fact, law, or policy shall be considered by the full Commission.

(2) An affected party may seek review of a decision issued under delegated authority by the Wireline Competition Bureau pursuant to the rules set forth in part 1 of this chapter.

(e) Standard of review. (1) The Wireline Competition Bureau shall conduct a de novo review of requests for review of decisions issued by the Administrator.

(2) The Commission shall conduct a de novo review of requests for review of decisions by the Administrator that involve novel questions of fact, law, or policy; provided, however, that the Commission shall not conduct a de novo review of decisions issued by the Wireline Competition Bureau under delegated authority.

(f) Schools and Libraries Cybersecurity Pilot Program disbursements during pendency of a request for review and Administrator decision. When a party has sought review of an Administrator decision under paragraphs (a)(1) through (3) of this section, the Commission shall not process a request for the reimbursement of eligible equipment and/or services until a final decision has been issued either by the Administrator or by the Commission; provided, however, that the Commission may authorize disbursement of funds for any amount of support that is not the subject of an appeal.

(a) Definitions—(1) School. For the purposes of the certification requirements of this section, school means school, school board, school district, local education agency, or other authority responsible for administration of a school.

(2) Library. For the purposes of the certification requirements of this section, library means library, library board, or authority responsible for administration of a library.

(3) Billed entity. Billed entity is defined in § 54.2000. In the case of a consortium, the billed entity is the lead member of the consortium.

(b) Certifications required. A school or library that receives support for eligible services and equipment through the Schools and Libraries Cybersecurity Pilot Program must make the certifications as described in paragraph (c) of this section.

(c) CIPA certifications. (1) A Schools and Libraries Cybersecurity Pilot Program participant need not complete additional Children's internet Protection Act (CIPA) (47 U.S.C. 254(h) and (l)) compliance certifications if the participant has already certified its CIPA compliance for the schools and libraries universal service support mechanism funding year preceding the start of the Schools and Libraries Cybersecurity Pilot Program (i.e., has certified its compliance in an FCC Form 486 or FCC Form 479).

(2) Schools and Libraries Cybersecurity Pilot Program participants that have not already certified their CIPA compliance for the schools and libraries universal service support mechanism funding year preceding the start of the Schools and Libraries Cybersecurity Pilot Program (i.e., have not completed a FCC Form 486 or FCC Form 479), will be required to certify:

(i) That they are in compliance with CIPA requirements under 47 U.S.C. 254(h) and (l);

(ii) That they are undertaking the actions necessary to comply with CIPA requirements under 47 U.S.C. 254(h) and (l) as part of their request for support through the Schools and Libraries Cybersecurity Pilot Program, and will come into compliance within one year from the date of the submission of its FCC Form 471; or

(iii) That they are not required to comply with CIPA requirements under 47 U.S.C. 254(h) and (l) because they are purchasing services to be used only in conjunction with student-, school staff- or library patron-owned computers.

(d) Failure to provide certifications—(1) Schools and libraries. A school or library that knowingly fails to submit certifications as required by this section shall not be eligible for support through the Schools and Libraries Cybersecurity Pilot Program until such certifications are submitted.

(2) Consortia. A billed entity's knowing failure to collect the required certifications from its eligible school and library members or knowing failure to certify that it collected the required certifications shall render the entire consortium ineligible for support through the Schools and Libraries Cybersecurity Pilot Program.

(3) Reestablishing eligibility. At any time, a school or library deemed ineligible for equipment and services under the Schools and Libraries Cybersecurity Pilot Program because of failure to submit certifications required by this section may reestablish eligibility for support by providing the required certifications to the Administrator and the Commission.

(e) Failure to comply with the certifications—(1) Schools and libraries. A school or library that knowingly fails to comply with the certifications required by this section must reimburse any funds and support received under the Schools and Libraries Cybersecurity Pilot Program for the period in which there was noncompliance.

(2) Consortia. In the case of consortium applications, the eligibility for support of consortium members who comply with the certification requirements of this section shall not be affected by the failure of other school or library consortium members to comply with such requirements.

(3) Reestablishing compliance. At any time, a school or library deemed ineligible for support through the Schools and Libraries Cybersecurity Pilot Program for failure to comply with the certification requirements of this section and that has been directed to reimburse the program for support received during the period of noncompliance may reestablish compliance by complying with the certification requirements under this section. Upon submittal to the Commission of a certification, the school or library shall be eligible for support through the Schools and Libraries Cybersecurity Pilot Program.

(f) Waivers based on state or local procurement rules and regulations and competitive bidding requirements. Waivers shall be granted to schools and libraries when the authority responsible for making the certifications required by this section cannot make the required certifications because its state or local procurement rules or regulations or competitive bidding requirements prevent the making of the certification otherwise required. The waiver shall be granted upon the provision, by the authority responsible for making the certifications on behalf of schools or libraries, that the schools or libraries will be brought into compliance with the requirements of this section within one year from the date the waiver was granted.