Federal Student Aid Launches Guaranty Agency Privacy and Security Self-Assessments
Published Aug 13, 2015
Earlier this summer, the Office of Federal Student Aid (FSA) initiated a program consisting of self-assessments for the Guaranty Agencies (GAs). These assessments, due to FSA by July 31, 2015, are part of the larger government-wide effort to improve the security of information, specifically personally identifiable information (PII). The goal of the program is to identify and remedy any security deficiencies based on the Federal standards described in the National Institute of Standards and Technology publications.
According to a Dear Colleague Letter sent by FSA to the GAs, FSA plans to assess the ability of GAs to secure the PII they hold by:
- “Assessing the risk and magnitude of harm that could result from unauthorized access, use, disclosure, disruption, modification, or destruction of information or information systems;
- Determining the levels of information security appropriate to protect information and information systems;
- Implementing and enforcing policies and procedures to cost-effectively reduce risks to an acceptable level; and
- Conducting regular testing and evaluation of information security controls and techniques to ensure effective implementation of such controls and techniques.”
FSA plans to analyze the assessments and identify security strengths and weaknesses of the GAs. Those agencies with significant weaknesses or security gaps are then required to submit a plan to address the deficiencies within 45 days. FSA’s proactive approach to maintaining the security of student PII and addressing potential breach risks is in the best interest not only of the agency itself and the Department of Education but also of student borrowers.