Security Requirements for Contractors Doing Business with the Department of Education

The successful contractor must comply with Department of Education cyber, privacy, and personnel (i.e., contractor vetting) security policy requirements:

  • Security and Privacy Requirements for IT Procurements (September 23, 2021) [download files] PDF (525K)
  • Contractor Vetting Security Requirements (January 19, 2021) [download files] PDF (142K)

The documents referenced within "Security and Privacy Requirements for IT Procurements" are accessible below:

  • Baseline Standards [download files] PDF (525K)
  • Systems Inventory [download files] PDF (390K)
  • Required Authorization [download files] PDF (400K)
  • System Security Plan (SSP) Review Checklist [download files] PDF (397K)
  • Authorizing Officials (AO) [download files] PDF (340K)
  • Cybersecurity Risk Management Framework (CRMF) [download files] PDF (405K)
  • Information and Communications (ICT) Supply Chain Risk Management (SCRM) [download files] PDF (1.1M)
  • Encryption of Computing Devices [download files] PDF (450K)
  • Password Parameters [download files] PDF (440K)
  • User-Notification Warning Banner [download files] PDF (380K)
  • Digital Identity [download files] PDF (1.4M)
  • Separation of Duties [download files] PDF (425K)
  • User Account Re-certification [download files] PDF (375K)
  • Emergency PIV Alternate [download files] PDF (370K)
  • Identity, Credential, and Access Management (ICAM) [download files] PDF (385K)
  • Cybersecurity Awareness Training  [download files] PDF (320K)
  • Data Loss Prevention – Microsoft 365 [download files] PDF (570K)
  • International Travel and Use of Education IT Services [download files] PDF (365K)
  • Cyber Hygiene [download files] PDF (415K)
  • Ongoing Assessment & Authorization [download files] PDF (345K)
  • Vulnerability Management  [download files] PDF (400K)
  • Computer Crime Incident Reporting [download files] PDF (275K)

Click here for Legacy documentation

Last Modified: 09/30/2021