CYBERSECURITY PILOT Program: APPLICANTS MUST FOLLOW STRICT RULES

Many applicants selected for participation in the Cybersecurity Pilot Program may not be fully aware of the strict reporting requirements.

Each applicant was required to submit a baseline report that provided a snapshot of their cybersecurity status at a specific point in time. The FCC will initially use this baseline data to guide its early reporting and analysis.

As funding is released, applicants must submit additional reports—each reflecting a new snapshot in time. These reports must detail the progress and work completed since the original baseline was submitted.

Below are the Reporting Requirements.

FCC Cybersecurity Pilot Program Reporting Requirements

1. Baseline Report

   • Submitted with the initial application.

   • Establishes the fixed reference point for all future comparisons throughout the year.

   • Baseline must not be altered throughout the program duration.

2. Annual Reports

   • One report is due each year within 60 days after June 30.

   • These reports measure progress against the baseline.

   • Deadline example: Annual reports for Year 1 are due by August 29.

3. Final Report

   • Submitted after the third year, also within 60 days of June 30.

   • Must include the third annual report.

4. FCC Summary Reports

   • Interim Report (published by FCC): No later than 180 days after submission of Year 2 annual reports.

   • Final Report (published by FCC): No later than 180 days after submission of final reports.

   • FCC will aggregate sensitive information to protect confidentiality.