Schools and Libraries Program Home

Step 6 Starting Services

CIPA

Applicants must enforce a policy of Internet safety and certify compliance with the Children's Internet Protection Act (CIPA) to be eligible for discounts. CIPA was signed into law on December 21, 2000. To receive support for Internet Access, Internal Connections, and Basic Maintenance services, school and library authorities must certify that they are enforcing a policy of Internet safety that includes measures to block or filter Internet access for both minors and adults to certain visual depictions. The relevant authority with responsibility for administration of the eligible school or library (hereinafter known as the Administrative Authority) must certify the status of its compliance for the purpose of CIPA in order to receive universal service support.

In general, school and library authorities must certify either that they have complied with the requirements of CIPA, that they are undertaking actions, including any necessary procurement procedures, to comply with the requirements of CIPA, or that CIPA does not apply to them because they are receiving discounts for telecommunications services only.

Requirements

CIPA requirements include the following three items:

1. Internet Safety Policy

Schools and libraries receiving universal service discounts are required to adopt and enforce an Internet safety policy that includes a technology protection measure that protects against access by adults and minors to visual depictions that are obscene, child pornography, or — with respect to use of computers with Internet access by minors — harmful to minors.

The Internet safety policy must address all of the following issues:

  • Access by minors to inappropriate matter on the Internet and World Wide Web
  • The safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications
  • Unauthorized access including "hacking" and other unlawful activities by minors online
  • Unauthorized disclosure, use, and dissemination of personal information regarding minors
  • Measures designed to restrict minors' access to materials harmful to minors

For schools, the policy must also include monitoring the online activities of minors. Note: beginning July 1, 2012, when schools certify their compliance with CIPA, they will also be certifying that their Internet safety policies have been updated to provide for educating minors about appropriate online behavior, including interacting with other individuals on social networking websites and in chat rooms, cyberbullying awareness, and response.

2. Technology Protection Measure

A technology protection measure is a specific technology that blocks or filters Internet access. The school or library must enforce the operation of the technology protection measure during the use of its computers with Internet access, although an administrator, supervisor, or other person authorized by the authority with responsibility for administration of the school or library may disable the technology protection measure during use by an adult to enable access for bona fide research or other lawful purpose.

3. Public Notice and Hearing or Meeting

The authority with responsibility for administration of the school or library must provide reasonable public notice and hold at least one public hearing or meeting to address a proposed technology protection measure and Internet safety policy. For private schools, public notice means notice to their appropriate constituent group. Unless required by local or state rules, an additional public notice and a hearing or meeting is not necessary for amendments to Internet safety policies.

Administrative Authority

The Administrative Authority for a school or library is the entity that must make the relevant certification for the purpose of CIPA. For a school, the Administrative Authority may be the school, school district, school board, local educational agency, or other authority with responsibility for administration of the school. For a library, the Administrative Authority may be the library, library board, or other authority with responsibility for administration of the library.

If the Administrative Authority is also the Billed Entity, the Administrative Authority certifies on the FCC Form 486. If the Administrative Authority is not the Billed Entity, the Administrative Authority must complete FCC Form 479 (Certification of Administrative Authority to Billed Entity of Compliance with the Children's Internet Protection Act), and submit the FCC Form 479 to the Billed Entity. The Billed Entity then certifies on the FCC Form 486 that it has collected, duly completed, and signed the FCC Form 479. The Billed Entity does not need to collect FCC Forms 479 when the Billed Entity applies only for telecommunications services.

Determination of the First Funding Year

CIPA provides that, in the first funding year following the effective date of CIPA (April 20, 2001) in which you are "applying" for funds, you need not be fully compliant with CIPA's requirements but can certify that you are undertaking actions to be in compliance for the next funding year. You may also make this certification in your Second Funding Year for the purpose of CIPA if you seek a waiver due to state or local procurement rules or regulations or competitive bidding requirements. Applicants, therefore, need to determine their "first," "second," and "third" funding years after the effective date of CIPA (April 20, 2001) in which their school or library is "applying" for funds and must also understand what "applying" for funds means in this context.

Applying for Funds

For the purpose of CIPA requirements, a school or library that is a recipient of service is considered to have "applied" for funds in a funding year after a Receipt of Service Confirmation and Children's Internet Protection Act and Technology Plan Certification Form (FCC Form 486) for a funding request for Internet Access, Internal Connections, or Basic Maintenance services has been successfully processed into the USAC system.

The First Funding Year

The first funding year after Funding Year 2000 (the funding year beginning July 1, 2000) in which your school or library applies for funds (i.e., in which an FCC Form 486 is successfully processed) for Internet Access, Internal Connections, or Basic Maintenance services is your First Funding Year for the purpose of CIPA. Once your First Funding Year is established, the next two funding years will be your second and third funding years for the purpose of CIPA. In the First Funding Year, the applicant must be in compliance with CIPA or undertaking actions to comply with CIPA in order to receive support for Internet Access, Internal Connections, or Basic Maintenance services.

Once the First Funding Year is established, the funding year immediately following becomes the Second Funding Year for the purpose of CIPA.

The Second Funding Year

If the school or library applies for funds for Internet Access, Internal Connections, or Basic Maintenance services in the Second Funding Year, its Administrative Authority must certify compliance with CIPA unless state or local procurement rules or regulations or competitive bidding requirements prevent the making of the certification. A school or library so prevented can request a waiver for the Second Funding Year on FCC Form 486 Item 6C or FCC Form 479 (Certification by Administrative Authority to Billed Entity of Compliance with the Children's Internet Protection Act) Item 6d, as appropriate.

The Third Funding Year

The Third Funding Year for the purpose of CIPA is the funding year immediately following the second. If the school or library applies for funds for Internet Access, Internal Connections, or Basic Maintenance services in the Third Funding Year, it must be in compliance with CIPA.

The school or library must be in compliance with CIPA for any funding year thereafter.

Certification for Undertaking Actions

Below is the appropriate certification that the Administrative Authority must make for "undertaking actions" from the Federal Communications Commission, FCC 01-120 Order, released on April 5, 2001:

“I certify that, as of the date of the start of discounted services, pursuant to the Children's Internet Protection Act, as codified at 47 U.S.C. Section 254(h) and (l), the recipient(s) of service represented in the Funding Request Number(s) on this FCC Form 486 is (are) undertaking such actions, including any necessary procurement procedures, to comply with the requirements of CIPA for the next funding year, but has (have) not completed all requirements of CIPA for this funding year.”

Documentation for Undertaking Actions

For a school or library to be able to make the certification quoted above, it must be able to demonstrate that action was taken by the start of services. USAC will not request this documentation as part of the FCC Form 486 filing process but the school or library must maintain this documentation in its files for audit purposes.

An undertaken action is an action that can be documented and demonstrates that the school or library is taking steps to become compliant with the CIPA requirements. If a school or library has already provided reasonable public notice and at least one public hearing or meeting relating to an Internet safety policy and technology protection measure that meets all the requirements listed above, that school or library has complied with the public notice and hearing or meeting requirements of CIPA. If a school or library has not met those conditions, the statute requires that the school or library provide the required notice and hearing or meeting.

Following are a few examples of documentation that could demonstrate that a school or library is undertaking actions to comply with CIPA: :

  • A published or circulated school or library board agenda with CIPA compliance cited as a topic
  • A circulated staff meeting agenda with CIPA compliance cited as a topic
  • A service provider quote requested and received by a recipient of service or Billed Entity which contains information on a technology protection measure
  • A draft Request for Proposals or other procurement procedure to solicit bids for the purchase or provision of a technology protection measure
  • An agenda or minutes from a meeting open to the public at which an Internet safety policy was discussed
  • An agenda or minutes from a public or non-public meeting of a school or library board at which procurement issues relating to the acquisition of a technology protection measure were discussed
  • A memo to an administrative authority of a school or library from a staff member outlining the CIPA issues not addressed by an Acceptable Use Policy currently in place
  • A memo or report to an administrative authority of a school or library from a staff member describing research on available technology protection measures
  • A memo or report to an administrative authority of a school or library from a staff member that discusses and analyzes Internet safety policies in effect at other schools and libraries

This list is not meant to be exhaustive, but includes examples of how applicants can demonstrate they are undertaking actions to become compliant with the CIPA requirements. Remember that such actions must occur before the start of services in order for discounts to be paid back to the service start date reported on the FCC Form 486. Although applicants are allowed to undertake the actions described above in order to make the required certification regarding CIPA compliance during the first funding year, applicants should be prepared to implement all necessary measures in order to be in full compliance with the CIPA requirements before services start for the second funding year, unless a waiver has been granted.