Sec. 107. Oversight of Government activities
1,188 words·~5 min read·
/bill/114/hr/1560/rds/section-107·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 111 of the National Security Act of 1947, as added by section 102(a) and amended by section 104(a) of this title, is further amended— by redesignating subsection
(c)(as redesignated by such section 104(a)) as subsection (d); and by inserting after subsection
(b)(as inserted by such section 104(a)) the following new subsection: Not less frequently than once every two years, the Director of National Intelligence, in consultation with the heads of the other appropriate Federal entities, shall submit to Congress a report concerning the implementation of this section and the Protecting Cyber Networks Act . Each report submitted under paragraph
(1)shall include the following: An assessment of the sufficiency of the policies, procedures, and guidelines required by this section and section 4 of the Protecting Cyber Networks Act in ensuring that cyber threat indicators are shared effectively and responsibly within the Federal Government. An assessment of whether the procedures developed under section 3 of such Act comply with the goals described in subparagraphs (A), (B), and
(C)of subsection (a)(1). An assessment of whether cyber threat indicators have been properly classified and an accounting of the number of security clearances authorized by the Federal Government for the purposes of this section and such Act. A review of the type of cyber threat indicators shared with the Federal Government under this section and such Act, including the following: The degree to which such information may impact the privacy and civil liberties of specific persons. A quantitative and qualitative assessment of the impact of the sharing of such cyber threat indicators with the Federal Government on privacy and civil liberties of specific persons. The adequacy of any steps taken by the Federal Government to reduce such impact. A review of actions taken by the Federal Government based on cyber threat indicators shared with the Federal Government under this section or such Act, including the appropriateness of any subsequent use or dissemination of such cyber threat indicators by a Federal entity under this section or section 4 of such Act. A description of any significant violations of the requirements of this section or such Act by the Federal Government— an assessment of all reports of officers, employees, and agents of the Federal Government misusing information provided to the Federal Government under the Protecting Cyber Networks Act or this section, without regard to whether the misuse was knowing or wilful; and an assessment of all disciplinary actions taken against such officers, employees, and agents. A summary of the number and type of non-Federal entities that received classified cyber threat indicators from the Federal Government under this section or such Act and an evaluation of the risks and benefits of sharing such cyber threat indicators. An assessment of any personal information of or information identifying a specific person not directly related to a cybersecurity threat that— was shared by a non-Federal entity with the Federal Government under this Act in contravention of section 3(d)(2) of such Act; or was shared within the Federal Government under this Act in contravention of the guidelines required by section 4(b) of such Act. Each report submitted under paragraph
(1)may include such recommendations as the heads of the appropriate Federal entities may have for improvements or modifications to the authorities and processes under this section or such Act. Each report required by paragraph
(1)shall be submitted in unclassified form, but may include a classified annex. The Director of National Intelligence shall make publicly available the unclassified portion of each report required by paragraph (1). . The first report required under subsection
(c)of section 111 of the National Security Act of 1947, as inserted by paragraph
(1)of this subsection, shall be submitted not later than 1 year after the date of the enactment of this title. Section 1061(e) of the Intelligence Reform and Terrorism Prevention Act of 2004 ( 42 U.S.C. 2000ee(e) ) is amended by adding at the end the following new paragraph: The Privacy and Civil Liberties Oversight Board shall biennially submit to Congress and the President a report containing— an assessment of the privacy and civil liberties impact of the activities carried out under the Protecting Cyber Networks Act and the amendments made by such Act; and an assessment of the sufficiency of the policies, procedures, and guidelines established pursuant to section 4 of the Protecting Cyber Networks Act and the amendments made by such section 4 in addressing privacy and civil liberties concerns. Each report submitted under this paragraph may include such recommendations as the Privacy and Civil Liberties Oversight Board may have for improvements or modifications to the authorities under the Protecting Cyber Networks Act or the amendments made by such Act. Each report required under this paragraph shall be submitted in unclassified form, but may include a classified annex. The Privacy and Civil Liberties Oversight Board shall make publicly available the unclassified portion of each report required by subparagraph (A). . The first report required under paragraph
(3)of section 1061(e) of the Intelligence Reform and Terrorism Prevention Act of 2004 ( 42 U.S.C. 2000ee(e) ), as added by subparagraph
(A)of this paragraph, shall be submitted not later than 2 years after the date of the enactment of this title. Not later than 2 years after the date of the enactment of this title and not less frequently than once every 2 years thereafter, the Inspector General of the Department of Homeland Security, the Inspector General of the Intelligence Community, the Inspector General of the Department of Justice, and the Inspector General of the Department of Defense, in consultation with the Council of Inspectors General on Financial Oversight, shall jointly submit to Congress a report on the receipt, use, and dissemination of cyber threat indicators and defensive measures that have been shared with Federal entities under this title and the amendments made by this title. Each report submitted under subparagraph
(A)shall include the following: A review of the types of cyber threat indicators shared with Federal entities. A review of the actions taken by Federal entities as a result of the receipt of such cyber threat indicators. A list of Federal entities receiving such cyber threat indicators. A review of the sharing of such cyber threat indicators among Federal entities to identify inappropriate barriers to sharing information. A review of the current procedures pertaining to the sharing of information, removal procedures for personal information or information identifying a specific person, and any incidents pertaining to the improper treatment of such information. Each report submitted under this paragraph may include such recommendations as the Inspectors General referred to in subparagraph
(A)may have for improvements or modifications to the authorities under this title or the amendments made by this title. Each report required under this paragraph shall be submitted in unclassified form, but may include a classified annex. The Inspector General of the Department of Homeland Security, the Inspector General of the Intelligence Community, the Inspector General of the Department of Justice, and the Inspector General of the Department of Defense shall make publicly available the unclassified portion of each report required under subparagraph (A).
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 107
Oversight of Government activities
Cites 1Cited by 0 across 0 sources