The Children’s Internet Protection Act (CIPA) requires schools and libraries that receive E-rate funding to have technology protection measures in place — specifically, filters that block access to obscene content, child pornography, and content that is harmful to minors. For large school districts, this is handled through network-level filtering managed by IT staff. For small schools, churches with computer labs, homeschool co-ops, and public libraries, it often isn’t.
The common workarounds — disabling internet access entirely, using consumer parental controls, or relying on teachers to supervise every session — are either too restrictive or too fragile.
What CIPA actually requires
CIPA filtering requirements apply to:
- Schools and libraries receiving E-rate discounts for internet access or internal connections
- Any computer used by minors to access the internet
The filter must block visual depictions that are obscene, contain child pornography, or — in the case of minors — are harmful to minors. CIPA also requires that an internet safety policy is adopted and that the technology protection measures are operational.
CIPA does not specify which software or method must be used. A whitelist-only browser that prevents access to all unapproved content meets the requirement as completely as a network-level content filter — because no unapproved content is reachable at all.
Why whitelist filtering works for small institutions
Content filters classify sites and block known-bad content. They require:
- Ongoing maintenance as new sites are classified
- Subscription to a filter database that stays current
- Either network-level deployment (which requires IT infrastructure) or per-device setup
A whitelist browser requires none of that. The filtering is absolute — if a site isn’t on the approved list, it doesn’t load. There’s no classification problem, no database to subscribe to, and no question of whether a specific site has been categorized correctly.
For a school computer lab used for defined educational purposes, this is usually the better fit. Students need access to their curriculum tools and approved research resources — not the open internet with guardrails.
Managing multiple computers without IT staff
The practical challenge for small institutions isn’t the filter itself — it’s managing ten, twenty, or thirty computers without a dedicated IT person.
KidSplorer’s institutional tiers address this directly:
- A single admin dashboard manages all computers in the institution
- Whitelist changes apply to all machines immediately — add a site once, it’s available everywhere
- Shareable whitelist templates let one administrator build a list and share it across multiple classrooms or co-op groups
- KidSplorer updates itself silently on every computer — no administrator needs to visit machines for software updates
For a school with a part-time administrator or a church with volunteer IT oversight, this means setup is genuinely a one-time task. After the initial install, the machines manage themselves.
Setup for a school or library
- Install KidSplorer on each computer using the standard installer or a bulk deployment script
- Create an admin account and link all computers to the institution profile
- Build a whitelist from your curriculum tools, approved research sites, and any required student portals
- Set allowed hours to match your computer lab schedule
- Distribute the admin contact to any staff who should be able to approve site requests
When a student requests a site, the admin receives an email and approves it with one tap. Students requesting legitimate resources for a class assignment can be approved within minutes — without the admin needing to be physically present at a specific computer.
Documentation for CIPA audits
KidSplorer’s institutional tier includes access logs showing what sites were accessed and when, along with device version tracking for audit purposes. For libraries and schools that need to demonstrate compliance, the combination of whitelist configuration and access logs provides a straightforward audit trail.
CIPA compliance documentation — including filtering policy templates — is included with the Institutional L tier.
CIPA compliance checklist for small schools and libraries
Use this as a starting point when documenting your compliance status for E-rate purposes:
- Internet safety policy adopted by governing board, co-op committee, or administration
- Policy addresses all three CIPA categories: obscene content, child pornography, and content harmful to minors
- Technology protection measure is operational on every computer used by minors
- Filter or whitelist is configured and verified — confirmed that non-approved content is blocked
- Policy covers online activities of minors (including monitoring of student internet use as defined by your policy)
- Access logs or whitelist records are available for audit if requested
- Responsible-use agreement distributed to students and staff if applicable
- Annual review of the internet safety policy scheduled
This checklist is not legal advice. CIPA requirements vary depending on how your institution receives E-rate funding and whether you receive LSTA (Library Services and Technology Act) funds. Consult your E-rate consultant or E-rate coordinator if your situation is complex.
Frequently asked questions
Does CIPA require internet access to be blocked entirely? No. CIPA requires filters — not full disconnection. Computers can access the internet as long as technology protection measures are in place that block prohibited content for minors. A whitelist browser satisfies this because it prevents access to any site not explicitly approved.
Does a whitelist browser count as CIPA-compliant filtering? Yes. CIPA specifies what must be blocked, not the mechanism used to block it. A whitelist browser is more restrictive than most content filters — nothing unapproved is reachable at all — which exceeds the minimum requirement.
Our school doesn’t receive E-rate funding. Do we still need to comply? If you don’t receive E-rate or LSTA funding, CIPA does not apply to your institution federally. However, some states have their own internet safety requirements for schools that may apply regardless of funding. Check with your state’s department of education.
What if a student needs a site that isn’t on our whitelist? KidSplorer’s institutional tier lets students submit site requests directly from the browser. An administrator receives a notification and can approve it in one tap. This keeps the whitelist current without requiring administrator access to each machine.
What does the audit documentation look like? The institutional tier provides access logs (site requests and approvals), device version records, and export options for whitelist configurations. This creates a clear paper trail showing which sites were approved, when, and by whom.
Related reading:
- Whitelist Browser for Kids: Why Allowlists Work Better — why whitelist-only internet filtering is more reliable than content classification for student computers, and when each approach fits the situation
- Safe Browser for Kids on Windows: How KidSplorer Works — the full feature breakdown and Windows setup walkthrough for computer labs, including multi-computer management from a single dashboard
- Homeschool Computer Setup: Locking the Browser to Curriculum Sites — how the same whitelist approach works for homeschool families and co-op groups managing shared or per-child computer configurations
KidSplorer’s institutional plans start at $99/year for up to 5 devices. Visit KidSplorer → for pricing details and a 30-day free trial for schools and churches.
Devicode Team
Written by the team that builds and uses these products — practitioners who run into these problems in real workflows, not just analysts describing them from the outside.