Sec. 109. Cybersecurity automation and checklists for government systems
432 words·~2 min read·
/bill/113/hr/756/eh/section-109A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 8(c) of the Cyber Security Research and Development Act ( 15 U.S.C. 7406(c) ) is amended to read as follows: The Director of the National Institute of Standards and Technology shall develop, and revise as necessary, security automation standards, associated reference materials (including protocols), and checklists providing settings and option selections that minimize the security risks associated with each information technology hardware or software system and security tool that is, or is likely to become, widely used within the Federal Government in order to enable standardized and interoperable technologies, architectures, and frameworks for continuous monitoring of information security within the Federal Government.
The Director of the National Institute of Standards and Technology shall establish priorities for the development of standards, reference materials, and checklists under this subsection on the basis of— the security risks associated with the use of the system; the number of agencies that use a particular system or security tool; the usefulness of the standards, reference materials, or checklists to Federal agencies that are users or potential users of the system; the effectiveness of the associated standard, reference material, or checklist in creating or enabling continuous monitoring of information security; or such other factors as the Director of the National Institute of Standards and Technology determines to be appropriate.
The Director of the National Institute of Standards and Technology may exclude from the application of paragraph
(1)any information technology hardware or software system or security tool for which such Director determines that the development of a standard, reference material, or checklist is inappropriate because of the infrequency of use of the system, the obsolescence of the system, or the inutility or impracticability of developing a standard, reference material, or checklist for the system. The Director of the National Institute of Standards and Technology shall ensure that Federal agencies are informed of the availability of any standard, reference material, checklist, or other item developed under this subsection. The development of standards, reference materials, and checklists under paragraph
(1)for an information technology hardware or software system or tool does not— require any Federal agency to select the specific settings or options recommended by the standard, reference material, or checklist for the system; establish conditions or prerequisites for Federal agency procurement or deployment of any such system; imply an endorsement of any such system by the Director of the National Institute of Standards and Technology; or preclude any Federal agency from procuring or deploying other information technology hardware or software systems for which no such standard, reference material, or checklist has been developed or identified under paragraph (1). .
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 109
Cybersecurity automation and checklists for government systems
Cites 1Cited by 0 across 0 sources