FCC Cybersecurity Pilot Program Guide

The FCC established the Schools and Libraries Cybersecurity Pilot Program as a $200 million, three-year program to help selected eligible schools and libraries obtain cybersecurity services and equipment that are not fully covered under traditional E-Rate.

The program recognizes that basic filtering and firewall protection are no longer enough for the threat environment facing education. Schools and libraries continue to face disruptive ransomware, phishing, data exposure, and operational continuity risk, while many districts lack the staff and budget to build enterprise-grade defenses alone.

The pilot is designed to test whether universal service funding can improve cybersecurity outcomes for schools and libraries. Districts should treat it as a formal funding and documentation program: verify current USAC guidance, map every requested service to the current eligible services list, avoid duplicate funding with E-Rate, and retain strong procurement records.

Eligibility for the FCC Cybersecurity Pilot Program mirrors the E-Rate program's existing applicant base, but the Pilot is not an always-open funding source. USAC's current public page says Pilot participants were selected and that program forms, competitive bidding, funding requests, and reimbursements follow Pilot-specific processes.

For selected participants, entity records, EPC information, competitive bidding documentation, cybersecurity needs assessment details, and funding request materials must be kept current and organized. Non-selected districts should treat the Pilot as a policy signal and planning reference while using current E-Rate, local, state, cooperative, or other funding routes.

Calbrate's role is to help either group: selected Pilot participants need cleaner component mapping and documentation; non-selected districts need a practical funding strategy that does not depend on a closed Pilot application window.

The Cybersecurity Pilot Program covers a broader range of cybersecurity services than traditional E-Rate, but eligibility must be checked against the current Pilot eligible services list and the applicant's selected-participant requirements.

Commonly relevant categories include firewalls and related security services, identity and access management, endpoint protection, monitoring, logging, and other cybersecurity controls identified by the program. Exact treatment can depend on the service description, licensing structure, cost allocation, and current USAC guidance.

Cloud-delivered platforms can be a strong fit when their individual components are clearly mapped to eligible categories. For iboss SASE, Calbrate should document which components are being requested, which funding source applies, and which portions are outside the applicable funding rules.

• Advanced next-generation firewalls and firewall as a service (FWaaS)
• Endpoint detection and response (EDR) and endpoint protection platforms
• Identity and access management, including zero-trust network access (ZTNA)
• Security information and event management (SIEM) and log analysis
• DNS-layer security and threat intelligence feeds
• Email security, anti-phishing, and anti-malware solutions
• Network monitoring, intrusion detection, and intrusion prevention systems
• Cybersecurity training and awareness programs for staff and administrators

The iboss SASE platform is relevant to the types of distributed, cloud-first environments common in K-12. Its cloud-native architecture can protect users across school buildings, home networks, and mobile access, but funding treatment must be documented component by component.

iboss Secure Web Gateway (SWG), firewall/security inspection, Zero Trust Network Access (ZTNA), CASB, DLP, RBI, DNS security, and reporting can each be evaluated against current Pilot and E-Rate categories. The right language is may map, not automatically qualifies: Calbrate should validate the current eligible services list, the customer's filing posture, and the precise license components before making a funding claim.

This component-by-component mapping gives sales and procurement teams a stronger story because it is useful, specific, and defensible during USAC review.

USAC administers the Cybersecurity Pilot with program-specific forms, deadlines, competitive bidding expectations, cybersecurity needs assessment requirements, and documentation rules. Districts should use the current USAC Pilot pages as the source of truth before relying on any static guide.

Selected participants should prepare a cybersecurity needs assessment, inventory current tools, identify capability gaps, document the services requested, and connect each requested service to current program categories. A strong application package should also show procurement discipline, cost allocation, implementation planning, and sustainability after the pilot period.

Calbrate's role should be to help districts convert technical architecture into clean procurement documentation: current-state assessment, component mapping, narrative language, cost allocation, and evidence the district can keep for review.

Effective cybersecurity budget planning requires districts to scope an iboss SASE deployment based on the number of users, devices, locations, service components, implementation needs, and funding source. iboss licensing and service structure should be modeled from current quote data rather than assumed averages.

When developing a Pilot, E-Rate, local, or state budget, districts should account for subscription licensing, implementation and configuration services, identity and device integration, staff training, and any ongoing managed support. The same budget should separate potentially eligible and ineligible components.

A phased deployment approach may be strategically advantageous. A district can prioritize core web security, firewall/security inspection, and access controls first, then add CASB, DLP, RBI, backup, endpoint, or identity layers based on funding and risk.

The Cybersecurity Pilot can sit alongside traditional E-Rate Category 2 funding when the same service component is not funded twice. Services eligible under traditional E-Rate, such as content filtering or firewall-related functions, should be kept separate from Pilot-requested cybersecurity components.

For districts deploying iboss SASE, this layered funding approach may reduce out-of-pocket cost when the licensing and service descriptions are cleanly allocated. For example, a district may evaluate whether SWG/content filtering and firewall functions belong in E-Rate while other security capabilities are considered under the Pilot, subject to current USAC guidance.

Proper cost allocation requires careful documentation. Districts should work with their Calbrate account team to develop a matrix that maps each iboss component to the appropriate funding source, documents ineligible portions, and supports review.

A strong funding record demonstrates a clear connection between identified cybersecurity needs, the proposed solution, the procurement process, the cost allocation, and the expected outcomes. Districts should assemble a cross-functional team that includes IT leadership, the E-Rate coordinator, finance, procurement, and administration.

The needs assessment should be grounded in a formal cybersecurity risk review. If your district has not recently completed one, Calbrate can facilitate a security posture review that identifies vulnerabilities, quantifies risk exposure, and maps findings to eligible or likely funding categories.

Vendor selection documentation should show that the chosen solution represents the best value under the applicable rules. For E-Rate-funded procurements, price must remain the primary factor. For Pilot participants, use current USAC Pilot guidance. For local, state, or cooperative purchasing, retain the policy authority, evaluation record, and board approval documentation.

• Conduct a formal cybersecurity risk assessment to support the needs narrative
• Inventory all existing cybersecurity tools and identify specific capability gaps
• Develop a detailed deployment plan with milestones and success metrics
• Prepare a cost allocation matrix separating claimed, excluded, and Pilot-supported components where applicable
• Draft a sustainability plan for maintaining security investments post-pilot
• Assemble procurement and funding documentation against current USAC or buyer deadlines