Sec. 104. Additional guidance to agencies on FISMA updates
173 words·~1 min read·
/bill/117/hr/6497/ih/section-104A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 1 year after the date of the enactment of this Act, the Director shall issue guidance for agencies on— performing the ongoing and continuous agency system risk assessment required under section 3554(a)(1)(A) of title 44, United States Code, as amended by this Act; implementing additional cybersecurity procedures, which shall include resources for shared services; establishing a process for providing the status of each remedial action under section 3554(b)(7) of title 44, United States Code, as amended by this Act, to the Director and the Director of the Cybersecurity and Infrastructure Security Agency using automation and machine-readable data, as practicable, which shall include— specific guidance for the use of automation and machine-readable data; and templates for providing the status of the remedial action; interpreting the definition of high value asset under section 3552 of title 44, United States Code, as amended by this Act; and a requirement to coordinate with inspectors general of agencies to ensure consistent understanding and application of agency policies for the purpose of evaluations by inspectors general.