Sec. 107. Oversight of Government activities
915 words·~4 min read·
/bill/114/s/754/es/section-107·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 1 year after the date of the enactment of this Act, and not less frequently than once every 2 years thereafter, the heads of the appropriate Federal entities shall jointly submit and the Inspector General of the Department of Homeland Security, the Inspector General of the Intelligence Community, the Inspector General of the Department of Justice, the Inspector General of the Department of Defense, and the Inspector General of the Department of Energy, in consultation with the Council of Inspectors General on Financial Oversight, shall jointly submit to Congress a detailed report concerning the implementation of this title during— in the case of the first report submitted under this paragraph, the most recent 1-year period; and in the case of any subsequent report submitted under this paragraph, the most recent 2-year period.
Each report submitted under paragraph
(1)shall include, for the period covered by the report, the following: An assessment of the sufficiency of the policies, procedures, and guidelines required by section 105 in ensuring that cyber threat indicators are shared effectively and responsibly within the Federal Government. An evaluation of the effectiveness of real-time information sharing through the capability and process developed under section 105(c), including any impediments to such real-time sharing. An assessment of the sufficiency of the procedures developed under section 103 in ensuring that cyber threat indicators in the possession of the Federal Government are shared in a timely and adequate manner with appropriate entities, or, if appropriate, are made publicly available. An assessment of whether cyber threat indicators have been properly classified and an accounting of the number of security clearances authorized by the Federal Government for the purposes of this title. A review of the type of cyber threat indicators shared with the appropriate Federal entities under this title, including the following: The number of cyber threat indicators received through the capability and process developed under section 105(c). The number of times that information shared under this title was used by a Federal entity to prosecute an offense consistent with section 105(d)(5)(A). The degree to which such information may affect the privacy and civil liberties of specific persons. A quantitative and qualitative assessment of the effect of the sharing of such cyber threat indicators with the Federal Government on privacy and civil liberties of specific persons, including the number of notices that were issued with respect to a failure to remove personal information or information that identified a specific person not directly related to a cybersecurity threat in accordance with the procedures required by section 105(b)(3)(D). The adequacy of any steps taken by the Federal Government to reduce such effect. A review of actions taken by the Federal Government based on cyber threat indicators shared with the Federal Government under this title, including the appropriateness of any subsequent use or dissemination of such cyber threat indicators by a Federal entity under section 105. A description of any significant violations of the requirements of this title by the Federal Government. A summary of the number and type of entities that received classified cyber threat indicators from the Federal Government under this title and an evaluation of the risks and benefits of sharing such cyber threat indicators. Each report submitted under paragraph
(1)may include recommendations for improvements or modifications to the authorities and processes under this title. Each report required by paragraph
(1)shall be submitted in unclassified form, but may include a classified annex. Not later than 2 years after the date of the enactment of this Act and not less frequently than once every 2 years thereafter, the Privacy and Civil Liberties Oversight Board shall submit to Congress and the President a report providing— an assessment of the effect on privacy and civil liberties by the type of activities carried out under this title; and an assessment of the sufficiency of the policies, procedures, and guidelines established pursuant to section 105 in addressing concerns relating to privacy and civil liberties. Not later than 2 years after the date of the enactment of this Act and not less frequently than once every 2 years thereafter, the Inspector General of the Department of Homeland Security, the Inspector General of the Intelligence Community, the Inspector General of the Department of Justice, the Inspector General of the Department of Defense, and the Inspector General of the Department of Energy shall, in consultation with the Council of Inspectors General on Financial Oversight, jointly submit to Congress a report on the receipt, use, and dissemination of cyber threat indicators and defensive measures that have been shared with Federal entities under this title. Each report submitted under subparagraph
(A)shall include the following: A review of the types of cyber threat indicators shared with Federal entities. A review of the actions taken by Federal entities as a result of the receipt of such cyber threat indicators. A list of Federal entities receiving such cyber threat indicators. A review of the sharing of such cyber threat indicators among Federal entities to identify inappropriate barriers to sharing information. Each report submitted under this subsection may include such recommendations as the Privacy and Civil Liberties Oversight Board, with respect to a report submitted under paragraph (1), or the Inspectors General referred to in paragraph (2)(A), with respect to a report submitted under paragraph (2), may have for improvements or modifications to the authorities under this title. Each report required under this subsection shall be submitted in unclassified form, but may include a classified annex.