Sec. 201. Mobile security standards
213 words·~1 min read·
/bill/117/hr/6497/ih/section-201A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 1 year after the date of the enactment of this Act, the Director shall— evaluate mobile application security guidance promulgated by the Director; and issue guidance to secure mobile devices, including for mobile applications, for every agency. The guidance issued under subsection (a)(2) shall include— a requirement, pursuant to section 3506(b)(4) of title 44, United States Code, for every agency to maintain a continuous inventory of every— mobile device operated by or on behalf of the agency; and vulnerability identified by the agency associated with a mobile device; and a requirement for every agency to perform continuous evaluation of the vulnerabilities described in paragraph (1)(B) and other risks associated with the use of applications on mobile devices.
The Director, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency, shall issue guidance to agencies for sharing the inventory of the agency required under subsection (b)(1) with the Director of the Cybersecurity and Infrastructure Security Agency, using automation and machine-readable data to the greatest extent practicable. Not later than 60 days after the date on which the Director issues guidance under subsection (a)(2), the Director, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency, shall provide to the appropriate congressional committees a briefing on the guidance.