iboss E-Rate Eligibility Matrix

Under the current USAC Eligible Services List, some iboss SASE components may be supportable under E-Rate Category 2 when they are described, priced, and allocated correctly. Districts should verify the current funding year ESL before filing and should avoid treating any bundled SASE license as automatically eligible.

iboss Secure Web Gateway (SWG), content filtering, and firewall-related functions are the components most likely to be evaluated under traditional E-Rate terminology. Eligibility depends on the service configuration, product description, cost allocation, and USAC review.

Districts should describe requested services using current E-Rate language, separate eligible from ineligible components, and keep vendor documentation ready for Program Integrity Assurance review.

• Secure Web Gateway (SWG) / Content Filtering - review under BMIC/MIBS or current ESL language
• Firewall as a Service (FWaaS) - review under Category 2 internal connections language
• DNS-layer security - review when part of content filtering or current eligible services
• SSL/TLS decryption for content inspection - document as part of SWG/firewall review

The FCC Cybersecurity Pilot may support security capabilities beyond traditional E-Rate, but every iboss component should be mapped to the current Pilot eligible services list before Calbrate or a district makes a funding claim.

ZTNA, CASB, DLP, RBI, DNS security, monitoring, logging, and related security capabilities can be reviewed against Pilot categories such as identity/access, monitoring, protection, and other current program definitions. The correct conclusion may vary by filing, license structure, and USAC guidance.

Calbrate's strongest position is to provide a defensible component matrix rather than a blanket statement that the full stack qualifies.

• Zero Trust Network Access (ZTNA) - review under identity and access management categories
• Cloud Access Security Broker (CASB) - review under cloud security and monitoring categories
• Data Loss Prevention (DLP) - review under data protection categories
• Remote Browser Isolation (RBI) - review under advanced threat protection categories
• Security analytics and reporting dashboards - review under monitoring and logging categories
• Managed detection and response services - review under managed security service categories

Accurate service type coding on funding forms is essential for smooth review. USAC uses standardized categories and program-specific form instructions to classify requested services, and incorrect codes or descriptions can trigger inquiries and funding delays.

For E-Rate Category 2 filings, iboss SWG, content filtering, and firewall-related functions should be described using current Eligible Services List language and the applicable form guidance. The narrative should precisely describe the requested service component and separate potentially eligible from ineligible functions.

For Cybersecurity Pilot participants, districts should use current USAC Pilot form instructions and eligible services guidance. Calbrate can maintain a current component matrix for iboss service components, but the matrix should be refreshed before each filing or review cycle.

Cost allocation is necessary whenever a single iboss subscription or contract includes both E-Rate-eligible and non-eligible service components. Because the iboss SASE platform delivers multiple security functions through a unified license, districts must allocate costs between eligible and ineligible portions before filing Form 471. USAC requires that cost allocations be based on a reasonable methodology and supported by documentation.

The most defensible cost allocation methodology for iboss deployments is a component-based approach that assigns a specific value to each functional module within the platform. Calbrate works with iboss to provide component-level pricing breakdowns that identify the cost attributable to each service capability — SWG, FWaaS, ZTNA, CASB, DLP, and RBI. This approach allows districts to claim E-Rate funding only for the eligible components (SWG and FWaaS) while separately claiming the remaining components under the Cybersecurity Pilot Program or funding them through local budget.

Alternative allocation methodologies include usage-based allocation, where costs are distributed based on the proportion of network traffic processed by each function, and proportional allocation, where costs are divided equally among the number of functional modules. Whichever methodology is chosen, it must be applied consistently and documented in the Form 471 narrative. USAC reviewers are more likely to accept allocations that are simple, well-documented, and based on verifiable data rather than estimates or assumptions.

USAC requires comprehensive documentation to support E-Rate applications, and maintaining organized records is equally important for cybersecurity pilot applications. Districts should establish a documentation file for each funding year that includes all materials from the competitive bidding process through final reimbursement.

Required documentation includes the signed vendor contract specifying all services, pricing, term dates, and service level agreements. The contract must align with what was described on Form 470 and requested on Form 471. For iboss deployments, the contract should itemize each service component separately with individual pricing, even if the services are delivered through a single platform license. This itemization supports the cost allocation and makes USAC review more straightforward.

Additional documentation requirements include the bid evaluation matrix showing how all vendor responses were scored, all vendor correspondence during the competitive bidding period, board minutes or approval documentation authorizing the contract, the cost allocation methodology worksheet with supporting calculations, and proof of service delivery such as iboss deployment confirmation reports or usage analytics. Districts must retain all E-Rate documentation for a minimum of ten years from the last date of service or the last date of the funding commitment, whichever is later. Calbrate provides documentation templates and retention checklists to help partner districts maintain audit-ready records throughout the retention period.

• Signed vendor contract with itemized service components and pricing
• Bid evaluation matrix documenting competitive selection process
• All vendor communications during the Form 470 posting period
• Cost allocation methodology worksheet with supporting calculations
• Board approval minutes authorizing the procurement
• Proof of service delivery and deployment confirmation
• Form 486 CIPA compliance certification documentation

Years of E-Rate application experience have revealed recurring mistakes that lead to funding denials, delayed commitments, and audit findings. Districts applying for iboss SASE funding should be aware of these pitfalls and take proactive steps to avoid them.

Incorrect service categorization is the most frequent error. Filing iboss cloud security services under Category 1 (internet access) instead of Category 2 (internal connections) will result in denial, as USAC considers security filtering and firewall services to be internal connections functions rather than data transmission services. Similarly, attempting to claim advanced SASE capabilities such as ZTNA or DLP under E-Rate Category 2 — when these services are not on the current Eligible Services List — will result in denial and may trigger additional scrutiny of the district's other funding requests.

Competitive bidding violations remain a leading cause of funding denials and audit recoveries. Common violations include failing to maintain the 28-day Form 470 posting period, using product-specific language on Form 470 that effectively limits competition, failing to evaluate all received bids, and not documenting the evaluation process. Bundled pricing is another frequent issue: if a vendor provides a single price for eligible and ineligible services without an itemized breakdown, USAC may deny the entire FRN. Districts should insist on itemized pricing from all vendors, including iboss, to ensure clean cost allocation and audit defensibility.

• Do not file cloud security services under Category 1 — they belong in Category 2
• Do not assume SASE components such as ZTNA, CASB, or DLP are E-Rate supported without current guidance
• Do not use vendor or product names on Form 470 during the bidding period
• Do not accept bundled pricing without itemized component breakdowns
• Do not discard bidding documentation — retain all records for ten years
• Do not miss the 120-day Form 486 filing window after receiving your FCDL