Department of Education Update
National Council of Higher Education Resources (NCHER)
2015 Knowledge Symposium
Annmarie Weisman
U.S. Department of Education
November 4, 2015
Revised Pay As You Earn (“REPAYE”)
Negotiated Rulemaking - REPAYE
• FY 2015 REPAYE “Neg Reg”
• Feb. 24 – 26, 2015: Session 1
• March 31 – April 2, 2015: Session 2
• April 28 – 30, 2015: Session 3 (consensus)
• July 9, 2015: NPRM published
• Aug. 10, 2015: Public comment period ended (nearly 3,000 received)
• Oct. 30, 2015: Regulations published
• December 2015: early implementation
• July 2016: Other issues effective
REPAYE
REPAYE Goal: Targeting neediest borrowers
President Obama’s 2016 budget proposal: “…reform and streamline income-driven repayment to ensure that program benefits are targeted to the neediest borrowers and to safeguard the program for the future.”
REPAYE
REPAYE Goal: Targeting neediest borrowers
June 9, 2014 Presidential Memorandum: Directs the Secretary to, within one year, propose new regulations for PAYE to expand PAYE to all borrowers and directs ED to implement this by December 2015….
…ensure that student loans remain affordable for all who borrowed federal direct loans as students by allowing them to cap their payments at 10% of their monthly incomes.
REPAYE – Who is eligible?
1. Nearly all Direct Loan (DL) Borrowers
2. Many FFEL Borrowers Can Consolidate into DL
3. Eligible loan types: Subsidized DL, Unsubsidized DL, Grad PLUS
REPAYE – What’s Revised?
1. No Partial Financial Hardship
2. Interest Subsidy
3. Annual Certification
4. No Payment Cap
5. Married Borrowers Filing Separately
6. Undergraduate vs. Graduate Loan Debt
7. Loan Forgiveness
REPAYE – Other Issues
1. Servicemembers Civil Relief Act (SCRA)
2. ‘Warm Transfer’
3. Participation Rate Index (PRI) Appeals
4. DoD Lump Sum Payments and PSLF
5. Technical Correction to 682.405
REPAYE – Common Questions
Q: Why Another Plan?
A: REPAYE provides key protections to all borrowers while ensuring the benefits are not accruing predominantly to the most affluent.
Q: Is there an income requirement to be eligible for REPAYE?
A: No, borrowers of all incomes may select the REPAYE repayment plan.
REPAYE – Common Questions
Q: What outreach is planned?
A: Incorporating REPAYE info into various servicer and Department communications
· Written correspondence
· Servicer and StudentAid.gov webpage updates
· FSA email campaign to borrowers (early 2016)
Cash Management
Cash Management, etc.
Feb. 19–21, 2014 Session 1
March 26–28, 2014 Session 2
April 23–25, 2014 Session 3
May 19–20, 2014 Session 4
May 18, 2015: NPRM published
July 2, 2015: public comment period closed (over 200 received)
Oct. 30: final regulations published
Effective July 1, 2016
Cash Management
• Tougher standards and greater transparency around agreements between colleges and companies providing prepaid/debit cards to students
• Meaningful choice of products
• Clear and neutral information
• Fees charged to students
Other Issues Negotiated
Clock to credit hour conversion
• Removed provisions under which a State or Federal approval or licensure action required a program to be measured in clock hours
Retaking coursework
• Allow an institution offering term-based programs to count, for enrollment purposes, courses a student is retaking that the student previously passed, up to one repetition per course
Questions
Andy Newton, CISSP, PMP
Overview of OMB Cyber Security Sprint Initiative
November 4, 2015
Agenda
Background
Sprint Actions
Why Should we Care About the Sprint Actions
Network Scans/Configurations
Patch Management
Security Policies
Multi-Factor Authentication
Hardware/Software Asset Mgt
Privileged User Definition
Resources
Background
In June 2015, the United States Chief Information Officer (CIO) Tony Scott responded to a data breach at a federal agency by launching a 30-day Cyber Security Sprint to improve federal cybersecurity and protect IT systems against evolving threats. As part of this effort, the Federal CIO instructed federal agencies to immediately take a number of steps to further protect information and assets and improve the resilience of federal networks.
Cyber Security Sprint Actions
• Scan Networks for Indicators of Compromise
• Patch Critical Vulnerabilities Without Delay
• Tighten Policies and Practices for Privileged Users
• Implement Personal Identity Verification (PIV) Cards for Network Access, Especially for Privileged Users
• Identify High Value Assets and Review Corresponding Security Protections
Why Should we Care About the Sprint Actions?
• These are high priority items for FSA and will likely be reviewed during future site visits at your locations
• Best practices in your toolbox to help protect student information
• Help to safeguard against potential student information breaches
• Provides a baseline for implementing critical security controls
Network Scans/Configuration
• Perform scans on a frequent basis to detect vulnerabilities and to maintain good situational awareness
• Use Authenticated Scans whenever possible
• Categorize and remediate identified vulnerabilities ASAP
• Create Plan of Action and Milestones (POA&Ms) to track vulnerabilities that cannot be remediated in the near term
• Use a risk based method for POA&M management, with emphasis on remediating high and medium risk vulnerabilities
• Use a server configuration standard such as Center for Information Security (CIS) or DISA Security Technical Information Guidelines (STIGS)
Patch Management
• Apply critical patches for vulnerabilities without delay; the vast majority of cyber incidents exploit well known vulnerabilities that are easy to remediate
• Evaluate, test and apply other patches within reasonable timeframes (waiting more than 30 days may be too long)
• Automate and push patches to users so they do not have to perform patch management functions
• Don’t forget third party products such as Adobe; these should be automated and patched in a timely manner
• Plan for assets and operating system end-of-life (e.g. Windows XP)
Security Policies
• Implement policies consistent with emerging technologies, such as disabling and wiping data from lost or stolen mobile devices
• Limit functions that can be performed when using privileged accounts
• Minimize the number of privileged users and limit the privileged functions that can be performed remotely
• Log privileged users’ activities and review logs on a regular basis
• Encrypt data at rest and in transit using strong encryption
Multi Factor Authentication
• Implement Personal Identity Verification (PIV-I) Cards for network access, especially for privileged users
• Intruders can easily steal or guess usernames and passwords and use them to gain access to your networks and stored information
Hardware/Software Asset Mgt
• Inventory, track and monitor hardware and software assets
• Investigate unusual activity levels or unknown hardware connections to your networks
• Identify high value assets and review corresponding security protections
• Consider isolating high value assets in network enclaves or use network segmentation to reduce risk to these assets
Privileged User Definition
• A Privileged User is defined as a user of an Information System with more authority and access than a general user.
• Example: users with root access, Database Administrators, Application Administrators, Network Administrator, System Administrator, Information Assurance Manager/Information Assurance Officer.
Resources: Helpful Information
• Department of Homeland Security Handbook for Safeguarding Sensitive Personally Identifiable Information
• http://www.dhs.gov/sites/default/files/publications/privacy/Guidance/handbookforsafeguardingsensitivePII_march_2012_webversion.pdf
• Cyber Resiliency Reviews
• https://www.us-cert.gov/ccubedvp/self-servicecrr
• Critical Infrastructure Cyber Community Voluntary Program
• https://www.uscert.gov/ccubedvp
• Cybersecurity Information Sharing and Collaboration Program
• https://www.uscert.gov/sites/default/files/c3vp/CISCP_20140523.pdf
• GEN-15-18: Protecting Student Information
• http://www.ifap.ed.gov/dpcletters/attachments/GEN1518.pdf
• NIST National Vulnerability Database & National Checklist Program
• https://nvd.nist.gov
• https://web.nvd.nist.gov/view/ncp/repository
Questions
Ombudsman Group
Summary of Activities – FY 2015
November 4, 2015
NCHER Knowledge Symposium
Customer Experience
U.S. Department of Education
Highlights of FY 2015
• Received total of 38,008 contacts
• Implemented new case management system
  • Improves tracking of pending actions & data analytics
• New customer survey uses ACSI Index
  • Conducted via email following case closure
NCHER Knowledge Symposium – November 2015
FY 2015 Contact Volumes
• Top 5 Overall:
  • FSA Assistance – 5645
  • Account Balance – 3863
  • Loan Cancellation/Discharge – 3128
  • Repayment Plans/Amounts – 2780
  • Default – 2309
• Other of note: Consolidation – influenced by prevalence of 3rd party debt relief
FY 2015 Case Outcomes
• Outcomes vary significantly between General Assistance and Research
  • General Assistance cases most frequently are initial inquiries with referral to another party
  • Research cases have more variable results as we facilitate options for resolution

                     Action   Confirmation   Information   Referral   Other   Total
Research             27.3%    35.2%          19.5%         10.2%      7.7%    5,997
General Assistance   0.5%     0.8%           5.1%          80.9%      12.7%   27,503
More on Case Outcomes
• The Ombudsman Group provided confirmation on 54% of Account Balance complaints
• Hosted four conference calls with student loan borrower interest groups
• Implemented a new customer survey using American Customer Satisfaction Institute (ACSI) methodology (September)
Thank you!
Joyce DeMoss, Ombudsman
202-377-3992
Questions?