Sec. 302. Authority of Secretary
228 words·~1 min read·
/bill/113/hr/3032/ih/section-302A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The Secretary shall have primary authority, in consultation with the Director of the National Office for Cyberspace and the Federal Cyberspace Practice Board, in the executive branch of the Federal Government in creation, verification, and enforcement of measures with respect to the protection of critical information infrastructure, including promulgating risk-informed information security practices and standards applicable to critical information infrastructures that are not owned by or under the direct control of the Federal Government.
The Secretary should consult with appropriate private sector entities, including private owners and operators of the affected infrastructure, to carry out this section. In establishing measures with respect to the protection of critical information infrastructure the Secretary shall— consult with the Secretary of Commerce, the Secretary of Defense, the National Institute of Standards and Technology, and other sector specific Federal regulatory agencies in exercising the authority referred to in subsection (a); and coordinate, though the Executive Office of the President, with sector specific Federal regulatory agencies, including the Federal Energy Regulatory Commission, in establishing enforcement mechanisms under the authority referred to in subsection (a).
The Secretary may— conduct such audits as are necessary to ensure that appropriate measures are taken to secure critical information infrastructure; issue such subpoenas as are necessary to determine compliance with Federal regulatory requirements for securing critical information infrastructure; and authorize sector specific Federal regulatory agencies to undertake such audits.