Sec. 203. Protecting research from cyber theft
481 words·~2 min read·
/bill/117/hr/2153/ih/section-203A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 2(e)(1)(A) of the National Institute of Standards and Technology Act ( 15 U.S.C. 272(e)(1)(A) ) is amended— in clause (viii), by striking and after the semicolon; by redesignating clause
(ix)as clause (x); and by inserting after clause
(viii)the following: consider institutions of higher education (as defined in section 101 of the Higher Education Act of 1965 ( 20 U.S.C. 1001 )); and . Not later than 90 days after the date of the enactment of this Act, the Director shall, using the authorities of the Director under subsections (c)(15) and (e)(1)(A)(ix) of section 2 of the National Institute of Standards and Technology Act ( 15 U.S.C. 272 ), as amended by subsection (a), disseminate and make publicly available resources to help research institutions and institutions of higher education identify, assess, manage, and reduce their cybersecurity risk related to conducting research. The Director shall ensure that the resources disseminated pursuant to paragraph (1)— are generally applicable and usable by a wide range of research institutions and institutions of higher education; vary with the nature and size of the implementing research institutions or institutions of higher education, and the nature and sensitivity of the data collected or stored on the information systems or devices of the implementing research institutions or institutions of higher education; include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships, to assist research institutions or institutions of higher education in mitigating common cybersecurity risks; include case studies of practical application; are technology-neutral and can be implemented using technologies that are commercial and off-the-shelf; and to the extent practicable, are based on international standards. The Director shall ensure that the resources disseminated under paragraph
(1)are consistent with the efforts of the Director under section 401 of the Cybersecurity Enhancement Act of 2014 ( 15 U.S.C. 7451 ). The Director shall review periodically and update the resources under paragraph
(1)as the Director determines appropriate. The use of the resources disseminated under paragraph
(1)shall be considered voluntary. Nothing in this section may be construed to supersede, alter, or otherwise affect any cybersecurity requirements applicable to Federal agencies. In this section: The term Director means the Director of the National Institute of Standards and Technology. The term institution of higher education has the meaning given such term in section 101 of the Higher Education Act of 1965 ( 20 U.S.C. 1001 ). The term resources means guidelines, tools, best practices, standards, methodologies, and other ways of providing information. The term research institution — means a nonprofit institution (as defined in section 4(3) of the Stevenson-Wydler Technology Innovation Act of 1980 ( 15 U.S.C. 3703(3) )); and includes federally funded research and development centers, as identified by the National Science Foundation in accordance with the Federal Acquisition Regulation issued in accordance with section 1303(a)(1) of title 41 (or any successor regulation).
Connectionstraces to 4
Citation graph
cites case law
Cites 4Cited by 0 across 0 sources