
Code · BILL · 116th Congress · H.R. 3352 (Referred in Senate) — To provide for certain authorities of the Department of State, and for other purposes. · Sec. 502

Sec. 502. Information system security


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

In this section:

The term incident has the meaning given such term in section 3552(b) of title 44, United States Code.

The term penetration test means a test methodology in which assessors attempt to circumvent or defeat the security features of an information system.

Not later than 60 days after the date of the enactment of this Act, the Secretary shall establish a process for conducting semiannual consultations with the Secretary of Defense, the Director of National Intelligence, the Secretary of Homeland Security, and any other department or agency representative who the Secretary determines to be appropriate regarding the security of United States Government and nongovernmental information systems used or operated by the Department, a contractor of the Department, or another organization on behalf of the Department, including any such systems or networks facilitating the use of sensitive or classified information.

In coordination with the consultations under subsection (b), the Secretary shall commission independent, semiannual penetration tests, which shall be carried out by an appropriate Federal department or agency other than the Department, such as the Department of Homeland Security or the National Security Agency, to ensure that adequate policies and protections are implemented to detect and prevent penetrations or compromises of such information systems, including malicious intrusions by any unauthorized individual, state actor, or other entity.

The Secretary may waive the requirement under subsection (c) for up to 1 year if the Secretary—

determines that such requirement would have adverse effects on national security or the diplomatic mission of the Department; and

not later than 30 days after the commencement of such a determination, submits to the relevant congressional committees a written justification that describes how such penetration tests would undermine national security or the diplomatic mission of the Department.

Not later than 180 days after the date of the enactment of this Act and annually thereafter for 3 years, the Secretary, in consultation with the Secretary of Defense, the Director of the National Intelligence, the Secretary of Homeland Security, and any other department or agency representative who the Secretary determines to be appropriate, shall securely submit to the relevant congressional committees a classified report that describes in detail the following:

For the first reporting period, all known and suspected incidents affecting the information systems specified in subsection (b) that occurred during the 180-day period immediately preceding the date of the enactment of this Act.

For all subsequent reporting periods, all known and suspected incidents affecting the information systems specified in subsection (b) that occurred since the submission of the most recent report.

Each report under subsection (e) shall include, for the relevant reporting period, a summary overview addressing the following:

A description of the relevant information system, as specified in subsection (b), that experienced a known or suspected incident.

An assessment of the date and time each such incident occurred or was suspected to have occurred.

An assessment of the duration over which each such incident took place or is suspected of having taken place, including whether such incident is ongoing.

An assessment of the volume and sensitivity of information accessed, compromised, or potentially compromised by each incident, including any such information contained on information systems owned, operated, managed, or utilized by any other Federal department or agency.

An assessment of whether such information system was compromised by such incident, including an assessment of the following:

The known or suspected perpetrators, including state actors.

The methods used to carry out the incident.

The known or suspected intent of the actors in accessing the information system.

A description of the actions the Department has taken or plans to take, including timelines and descriptions of any progress on plans described in prior reports, to prevent future, similar incidents affecting such information systems.