Sec. 2305. Protecting research from cyber theft
463 words·~2 min read·
/bill/117/hr/4521/eas/section-2305A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 2(e)(1)(A) of the National Institute of Standards and Technology Act ( 15 U.S.C. 272(e)(1)(A) ) is amended— in clause (viii), by striking and after the semicolon; by redesignating clause
(ix)as clause (x); and by inserting after clause
(viii)the following: consider institutions of higher education (as defined in section 101 of the Higher Education Act of 1965 ( 20 U.S.C. 1001 )); and . Not later than 90 days after the date of enactment of this division, the Director shall, using the authorities of the Director under subsection (e)(1)(A)(ix) of section 2 of the National Institute of Standards and Technology Act ( 15 U.S.C. 272 ), as amended by subsection (a), disseminate and make publicly available resources to help research institutions and institutions of higher education identify, protect the institution involved from, detect, respond to, and recover to manage the cybersecurity risk of the institution involved related to conducting research. The Director shall ensure that the resources disseminated pursuant to paragraph (1)— are generally applicable and usable by a wide range of research institutions and institutions of higher education; vary with the nature and size of the implementing research institutions or institutions of higher education, and the nature and sensitivity of the data collected or stored on the information systems or devices of the implementing research institutions or institutions of higher education; include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships, to assist research institutions or institutions of higher education in mitigating common cybersecurity risks; include case studies of practical application; are technology-neutral and can be implemented using technologies that are commercial and off-the-shelf; and to the extent practicable, are based on international standards. The Director shall ensure that the resources disseminated under paragraph
(1)are consistent with the efforts of the Director under section 303 of the Cybersecurity Enhancement Act of 2014 ( 15 U.S.C. 7443 ). The Director shall review periodically and update the resources under paragraph
(1)as the Director determines appropriate. The use of the resources disseminated under paragraph
(1)shall be considered voluntary. Nothing in this section may be construed to supersede, alter, or otherwise affect any cybersecurity requirements applicable to Federal agencies. In this section: The term Director means the Director of the National Institute of Standards and Technology. The term resources means guidelines, tools, best practices, standards, methodologies, and other ways of providing information. The term research institution — means a nonprofit institution (as defined in section 4 of the Stevenson-Wydler Technology Innovation Act of 1980 ( 15 U.S.C. 3703 )); and includes Federally funded research and development centers, as identified by the National Science Foundation in accordance with the Federal Acquisition Regulation issued in accordance with section 1303(a)(1) of title 41 (or any successor regulation).
Connectionstraces to 4
Citation graph
cites case law
Cites 4Cited by 0 across 0 sources