Sec. 3. Sharing of information by the Federal Government
519 words·~2 min read·
/bill/114/s/754/pcs/section-3·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Consistent with the protection of classified information, intelligence sources and methods, and privacy and civil liberties, the Director of National Intelligence, the Secretary of Homeland Security, the Secretary of Defense, and the Attorney General, in consultation with the heads of the appropriate Federal entities, shall develop and promulgate procedures to facilitate and promote— the timely sharing of classified cyber threat indicators in the possession of the Federal Government with cleared representatives of relevant entities; the timely sharing with relevant entities of cyber threat indicators or information in the possession of the Federal Government that may be declassified and shared at an unclassified level; the sharing with relevant entities, or the public if appropriate, of unclassified, including controlled unclassified, cyber threat indicators in the possession of the Federal Government; and the sharing with entities, if appropriate, of information in the possession of the Federal Government about cybersecurity threats to such entities to prevent or mitigate adverse effects from such cybersecurity threats.
The procedures developed and promulgated under subsection
(a)shall— ensure the Federal Government has and maintains the capability to share cyber threat indicators in real time consistent with the protection of classified information; incorporate, to the greatest extent practicable, existing processes and existing roles and responsibilities of Federal and non-Federal entities for information sharing by the Federal Government, including sector specific information sharing and analysis centers; include procedures for notifying entities that have received a cyber threat indicator from a Federal entity under this Act that is known or determined to be in error or in contravention of the requirements of this Act or another provision of Federal law or policy of such error or contravention; include requirements for Federal entities receiving cyber threat indicators or defensive measures to implement and utilize security controls to protect against unauthorized access to or acquisition of such cyber threat indicators or defensive measures; and include procedures that require a Federal entity, prior to the sharing of a cyber threat indicator— to review such cyber threat indicator to assess whether such cyber threat indicator contains any information that such Federal entity knows at the time of sharing to be personal information of or identifying a specific person not directly related to a cybersecurity threat and remove such information; or to implement and utilize a technical capability configured to remove any personal information of or identifying a specific person not directly related to a cybersecurity threat. In developing the procedures required under this section, the Director of National Intelligence, the Secretary of Homeland Security, the Secretary of Defense, and the Attorney General shall coordinate with appropriate Federal entities, including the National Laboratories (as defined in section 2 of the Energy Policy Act of 2005 ( 42 U.S.C. 15801 )), to ensure that effective protocols are implemented that will facilitate and promote the sharing of cyber threat indicators by the Federal Government in a timely manner. Not later than 60 days after the date of the enactment of this Act, the Director of National Intelligence, in consultation with the heads of the appropriate Federal entities, shall submit to Congress the procedures required by subsection (a).
Connectionstraces to 1
Traces to 1 document
U.S. Code
Citation graph
cites case law
Sec. 3
Sharing of information by the Federal Government
Cites 1Cited by 0 across 0 sources