Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 117th Congress · H.R. 6497 (Introduced in House) — To modernize Federal information security management and improve Federal cybersecurity to combat persisting and emerg... · Sec. 204

Sec. 204. Ongoing threat hunting program

326 words·~1 min read·/bill/117/hr/6497/ih/section-204·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Not later than 540 days after the date of the enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency shall, in accordance with the authorities granted the Secretary under sections 3553(b)(7)–(8) and 3553(m) of title 44, United States Code (as redesignated by this Act), establish a program to provide ongoing, hypothesis-driven threat-hunting services on the network of each agency. Not later than 180 days after the date of the enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency shall develop a plan to establish the program required under paragraph
(1)that describes how the Director of the Cybersecurity and Infrastructure Security Agency plans to— determine the method for collecting, storing, accessing, analyzing, and safeguarding appropriate agency data; provide on-premises support to agencies; staff threat hunting services; allocate available human and financial resources to implement the plan; and provide input to the heads of agencies on the use of— more stringent standards under section 11331(c)(1) of title 40, United States Code; and additional cybersecurity procedures under section 3554 of title 44, United States Code. The Director of the Cybersecurity and Infrastructure Security Agency, in consultation with the Director, shall submit to the appropriate congressional committees— not later than 30 days after the date on which the Director of the Cybersecurity and Infrastructure Security Agency completes the plan required under subsection (a)(2), a report on the plan to provide threat hunting services to agencies; not less than 30 days before the date on which the Director of the Cybersecurity and Infrastructure Security Agency begins providing threat hunting services under the program under subsection (a)(1), a report providing any updates to the plan developed under subsection (a)(2); and not later than 1 year after the date on which the Director of the Cybersecurity and Infrastructure Security Agency begins providing threat hunting services to agencies other than the Cybersecurity and Infrastructure Security Agency, a report describing lessons learned from providing those services.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.