Schools warned about conducting security exercises that include intellectual property
January 04, 2022
Postsecondary institutions should conduct exercises to help educate employees about security procedures, but the exercise itself should not violate government trademarks or copyrights.
In a December 15 Electronic Announcement, the Department of Education advised institutions about the use of protected brands and the use of U.S. government agencies' names, logos, or insignia without permission in phishing exercises.
According to the announcement, "the name, logo, or insignia of a U.S. government agency cannot be used in a manner that suggests association with or endorsement by the agency or implies endorsement by a government agency, official, or employee."
The Department said that phishing exercises, which was referred to as "critical" in the announcement, should not include references to a U.S. government agency's logos, trademarks, service marks, or protected marks. In addition, the Department said the U.S. government agency "may contact the institution to terminate the exercise, notify all exercise recipients, and/or require a response from the individual(s) that authorized the exercise."
The Department added that while most U.S. government creative works – such as writing or images – can be used without permission (referred to as "copyright free"), not all government works can be used without permission.
To learn more about how copyright laws apply to U.S. government works, visit usa.gov/government-works.
For more information, contact FSASchoolCyberSafety@ed.gov.