
FERPA Compliance Guide


The Family Educational Rights and Privacy Act (FERPA) requires educational agencies to protect the privacy of student education records. Bastion EDR Professional provides a dedicated FERPA dashboard with PII detection, access timelines, and a 14-control compliance checklist.

What FERPA requires from a security perspective


FERPA doesn’t prescribe specific technical controls, but the Department of Education’s guidance and breach notification requirements imply:

  1. Access controls — Only authorized staff can access student records
  2. Audit trails — Evidence of who accessed what, and when
  3. Breach detection — Ability to detect and respond to unauthorized access
  4. Breach notification — Notify affected students/parents within a reasonable timeframe

Bastion EDR addresses all four.

The Bastion agent monitors for patterns consistent with student PII:

  • Student ID numbers
  • Social Security Numbers
  • Date of birth patterns in file content
  • Name + address combinations
  • FERPA-protected record identifiers

When a PII pattern is detected in a file access or network event, it’s tagged in the FERPA → PII Timeline view.

The FERPA compliance dashboard tracks 14+ controls:

Control                         What Bastion checks
Access control policies         Console user roles (admin, analyst, read-only)
Unique user identification      Per-user JWT authentication
Audit log completeness          Hash-chained audit trail with no gaps
PII access monitoring           Tagged PII access events in timeline
Incident response process       Open incident tracking and resolution status
Software inventory              Shadow IT detection — unapproved apps accessing records
USB/removable media             USB write blocking policy status
Encryption at rest              PHI/PII encryption status
Network isolation capability    Ability to isolate compromised endpoints
Unauthorized access detection   Bulk access detection (data exfiltration alerting)

Navigate to Compliance → FERPA → PII Timeline to see:

  • Every file system and network event where a PII pattern was detected
  • User identity (if logged into the endpoint)
  • Timestamp, file path or network destination
  • Detection confidence score
  • Endpoint and process that triggered the event

Filters: date range, endpoint, user, confidence level, event type.

Bastion automatically flags unusual volumes of student record access — a common pattern in both external breaches and insider threats. When a user or process accesses an abnormally large number of records in a short window:

  1. An alert is raised in Security → Bulk Access Alerts
  2. The event is logged with full context
  3. If a playbook is configured, the response is triggered automatically (endpoint isolation, notification)
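A minimal form of the bulk-access detection described above, as an added example that is not Bastion's own code: it counts distinct student records each user touches inside a sliding time window and raises one alert per user when the count crosses a threshold. The event format, the threshold and the window size are assumptions; the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access log: (ISO timestamp, user, student record id).
# registrar1: a normal trickle; helpdesk1: the same record many times;
# svc-export: six distinct records in under three minutes.
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:00", "registrar1", "S1001"),
    ("2024-03-01T09:20:00", "registrar1", "S1002"),
    ("2024-03-01T09:45:00", "registrar1", "S1003"),
] + [
    (f"2024-03-01T10:0{i}:00", "helpdesk1", "S2001") for i in range(7)
] + [
    (f"2024-03-01T11:0{i // 2}:{'30' if i % 2 else '00'}", "svc-export", f"S300{i + 1}")
    for i in range(6)
]


def detect_bulk_access(events, threshold=5, window=timedelta(minutes=10)):
    """Return {user: alert} for users who access more than `threshold`
    distinct records within any `window`-long sliding interval.

    Distinct records are counted (not raw events), so repeatedly opening the
    same record does not look like a bulk read. One alert per user, raised at
    the event that first crosses the threshold. Thresholds are assumptions.
    """
    recent = defaultdict(deque)  # user -> deque of (timestamp, record_id)
    alerts = {}
    for ts_str, user, record in sorted(events):  # ISO strings sort by time
        ts = datetime.fromisoformat(ts_str)
        q = recent[user]
        q.append((ts, record))
        # Drop events that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {r for _, r in q}
        if len(distinct) > threshold and user not in alerts:
            alerts[user] = {
                "first_seen": q[0][0].isoformat(),
                "triggered_at": ts.isoformat(),
                "distinct_records": len(distinct),
            }
    return alerts


if __name__ == "__main__":
    for user, alert in detect_bulk_access(SAMPLE_EVENTS).items():
        print(user, alert)
```

Only svc-export trips the rule in the sample; the window and threshold would be tuned per institution from the normal volume seen in the PII Timeline.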

The FERPA compliance report includes:

  • Current compliance score and control status
  • PII access summary for the audit period
  • List of open alerts related to student records
  • Bulk access incidents

Export from Compliance → FERPA → Export Report. Reports are timestamped and the underlying audit trail is cryptographically signed, providing evidence of integrity.

In the event of a suspected FERPA breach:

  1. Go to Compliance → Breach Notification
  2. Bastion pre-populates a draft notification using the detected incident scope
  3. Review and customize before sending to affected students/parents

Limit who in your IT team can view the FERPA compliance dashboard:

  • Admin — Full access including PII timeline and report export
  • Analyst — View alerts and incidents; no PII timeline access
  • Read-only — Dashboard statistics only

Configure roles in Settings → Users.