CIPA Compliance

Protecting students online is often a moving target. Online threats are emerging as rapidly as ever, and minors are often seeking out inappropriate content. This makes it challenging for an educational institution to manage online threats. DNSFilter has produced this guide in order to help you understand and meet CIPA compliance for your school.

What content do I need to block?

What are the requirements of CIPA?

The Children’s Internet Protection Act (CIPA) regulation centers around adopting an “Internet Safety Policy” (more well-known as an Acceptable Use Policy) which sets forth in writing how you will use protection measures, monitor technology use, and educate minors on safe use of technology. The FCC requires also that, “Before adopting this Internet safety policy, schools and libraries must provide reasonable notice and hold at least one public hearing or meeting to address the proposal.” A provision in the Protecting Children in the 21st Century Act also requires schools to incorporate the subject of appropriate online behavior (including social networking sites and cyberbullying awareness and response) into their Acceptable Use Policy and annual school training.

According to the FCC, there are five elements the Acceptable Use Policy must address:

1. Access by minors to inappropriate matter on the Internet;
2. The safety and security of minors when using electronic mail, chat rooms and other forms of direct electronic communications;
3. Unauthorized access, including so-called “hacking,” and other unlawful activities by minors online;
4. Unauthorized disclosure, use, and dissemination of personal information regarding minors; and
5. Measures restricting minors’ access to materials harmful to them.

DNSFilter is able to help in meeting all five of these requirements. Although your school/library is responsible for writing a policy and monitoring technology use in the classroom, you can leave the enforcement of it in our hands. Our product is one of the most lightweight yet effective ways to ensure your entire network is protected from inappropriate content and online threats.

How should I setup DNSFilter to be CIPA compliant?

Using the FCC categories listed above, you can setup DNSFilter to be your primary solution to defend your network against malicious internet traffic.

1. Prevent access by minors to inappropriate content. According to the FCC, ”The protection measures must block or filter Internet access to pictures that are: (a) obscene; (b) child pornography; or (c) harmful to minors (for computers that are accessed by minors).” DNSFilter has a feature to turn on a CIPA compliant policy with a single click. We also automatically block child pornography for all customers, through our partnerships with the Internet Watch Foundation and Project Arachnid
2. Enforce the safety and security of minors when using email, chat, and other direct electronic communication. The most effective way to do this is by blocking the following categories: Blogs & Personal Sites, Chat & Instant Messaging, Media Sharing, Message Boards & Forums, Social Networking, Streaming Media. You may consider whitelisting sites that you view as benign or are able to appropriately supervise in the classroom or library environment.
3. Prevent unauthorized access, hacking, and unlawful activities. There are two things that should be put in place in order to prevent hacking and unlawful activities by minors on the network. The first is to apply filtering policies to the categories of Hacking & Cracking, and P2P & Illegal, as well as turn on all of our threat categories.
4. Avoid unauthorized disclosure of personal information regarding minors. No action is required on your part to apply this for our product. DNSFilter does not collect personally identifiable information for adults or minors.
5. Restrict minors’ access to materials harmful to them. The best way to restrict access is to ensure that minors cannot circumvent DNS settings. You can do this by implementing DNS firewall rules. This is the only way to prevent minors from tampering with network adapter settings on their local device and escaping your filtering policy. You should configure all outbound DNS traffic on port 53 to point to our servers. We also have an article that goes into greater depth on Preventing Circumvention. The other side of the coin is that, under CIPA, adults should have the ability to bypass filtering policies for lawful purposes or bona fide research. There are two options for this. The first is to set up a bypass password. You can do this in the dashboard by navigating to Policies -> Block Pages and you will be able to set a password which can then be given to staff. The second option is to implement NAT IPs , which allows you to have multiple policies based on network segments. This would allow staff computers which are on a separate LAN/vLAN to have different policies than students.

Other resources: - Consortium for School Networking’s Guide for School Districts, which includes links to sample Acceptable Use Policies. - The FCC’s Children’s Internet Protection Act (CIPA) - American Library Association’s CIPA Analysis