Skip to content

CIPA & E-Rate

One cannot discuss the topic of E-rate without covering the topic of CIPA.  The Children’s Internet Protection Act was enacted by the United States Congress in 2000.   The Federal Communications Commission then released the regulations concerning CIPA in April of 2001.  The purpose of the legislation is to protect children on the Internet from disturbing or dangerous content while attending school or visiting a public library.  Because of the legislation, schools and libraries have a legal and ethical responsibility to ensure a safe learning environment and experience.

CIPA compliance is not mandatory and there are no legal repercussions for non-compliancy.  However, organizations that are subject to CIPA are eligible to receive benefits of the E-rate program without certifying that they have an Internet safety policy in place. E-Rate is a government-sponsored program that makes telecom and information technology more affordable for organizations that lack adequate financial resources or a strong supportive tax base.  The requirement of CIPA in these circumstances makes sense since the discounts are subsidized by taxpayer dollars.

What is Required by CIPA

Schools and libraries subject to CIPA are required to adopt and implement an Internet Safety Policy that meets the following provisions:

  • Must prevent access to inappropriate content on the Internet that could be harmful to minors
  • Must secure a safe environment for minors when using electronic mail, digital messengers, chat rooms, or another form of electronic communication.
  • Prevent unlawful cyber activities for minors such as hacking and malicious attacks such as DDoS
  • Provide technology measures to prevent any unauthorized disclosure and dissemination of personal information regarding minors such as that held within the student information system

Schools have two added CIPA requirements:

  • Must be able to monitor the online activities of minors
  • Must educate minors about appropriate online behavior, including online interaction using social networking and chat rooms.  Education must also include cyberbullying awareness and response.

Organizations that choose to implement an Internet Safety Policy are required to provide one public meeting to inform the public and allow for feedback.

So What is Inappropriate Content?

CIPA only defines a minimum definition of what type of content is inappropriate.  Content deemed harmful to minors is associated with sexual content, images of sexual acts, obscene sexual images, lewd exhibition of genitals or perverted behavior unless it is part of an overall presentation that provides artistic or scientific value to minors.  Of course, an organization can extend filtering options beyond this minimum standard set by CIPA concerning such web categories such as gambling, weapons, gambling, etc.  Decisions to filter content beyond that required by CIPA is to be decided by the organizations.  Schools are also free to make multiple web filtering policies for different schools and ages as long as each policy meets the minimum CIPA standards.

Does CIPA Require Specific Protection Measures?

Like other governmental compliances such as HIPAA, CIPA does not specify specific technology protection methods.  Organizations are only required to choose a technical solution that ensures CIPA compliance.  Whether it is a software-based solution that resides on student devices, an on-premise filtering appliance or a DNS cloud-based filtering service is up to the organization.  In other words, how you block inappropriate content is up to you. 

How are Organizations Required to Monitor Internet Activity of Minors?

It is not enough to simply provide technical protection measures when it comes to the Internet safety of minors.  CIPA also requires the monitoring of all online activities.  Monitoring is more clearly defined as supervision.  This can be accomplished by either active monitoring in the room or through some sort of screen monitoring system.   CIPA currently does not require tracking or logging of Internet activity.  This again would be a local decision made by the organization itself.  Many schools choose to enforce logging on their own for use involving disciplinary measures. 

What About One-to-One Programs?

Currently, CIPA does not provide guidance concerning the filtering of web traffic of student devices while at home or away from school premises.  CIPA currently applies only to the school on-premise network itself.  Many school districts that implement one-to-one programs do utilize web-filtering solutions that go beyond the boundaries of the school enterprise.


In the end, there is nothing complicated about CIPA compliancy.  It simply provides common sense guidelines for organizations that want to make use of publicly subsidized E-Rate funds concerning their enterprise infrastructure.  The specifics of how these compliances are met is up to the organization itself.

Web Content Filtering is an absolute must have in order to ensure compliance and protection for your University or School Network. WebTitan protects staff and students online, while also offering the flexibility and tools for your educational policy requirements. It is highly scalable for Universities and School Districts while also offering a granular policy engine to meet the flexible requirements of the education sector.

Get Your 14 Day Free Trial

Talk to Our Email and DNS Security Team

Call us on US +1 813 304 2544

Contact Us