IA SF2200

School districts, charter schools, and area education agencies must implement email security solutions meeting specified standards by January 1, 2027.

Required email security features include inbound/outbound filtering for spam, malware, phishing, and ransomware; AI-driven threat detection with behavioral analysis and sandboxing; and impersonation protection against spoofed senders and lookalike domains.

Systems must include data loss prevention policies that scan emails for personally identifiable information, protected health information, and student records, with automatic block, quarantine, or encryption responses.

Additional requirements include policy-based encryption for outbound emails containing sensitive content, quarantine self-service portals, directory service integration, and comprehensive logging and forensic analysis capabilities.

Compliance costs shall be paid from existing state school foundation aid, with no additional state funding provided for implementation.