Sec. 304. Endpoint detection and response as a service pilot
/bill/117/hr/6497/ih/section-304
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The Cybersecurity and Infrastructure Security Agency is directed to establish and conduct a pilot to determine the feasibility, value, and efficacy of providing endpoint detection and response capabilities as a shared service to Federal agencies to reduce costs, enhance interoperability, and continuously detect and mitigate threat activity on Federal networks.

Not later than 90 days after the date of the enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency shall develop a plan to establish a centralized endpoint detection and response shared service offering within the Cybersecurity and Infrastructure Security Agency.

The plan required under subsection (b) shall include considerations for— understanding and assessing the full extent of endpoints across the Federal civilian environment; maximizing the value of existing agency investments in endpoint detection and response tools and services; aggregating the available contract vehicles and options that provide agencies with appropriate capability for their environment and architecture; equipping all endpoints and services of pilot agencies with endpoint detection and response programs; aggregating network, cloud, and endpoint data from both within the agency and across agencies to provide enterprise-wide monitoring of the network to detect abnormal network behavior and automate defensive capabilities; and appropriate interagency agreements, concepts of operations, and governance plans.

Not later than 180 days after the date on which the plan required under subsection (b) is developed, the Director of the Cybersecurity and Infrastructure Security Agency, in consultation with the Director, shall enter into a 1-year agreement with not less than 2 agencies to offer endpoint detection and response as a shared service.

After the date on which the briefing required under subsection (e)(1) is provided, the Director of the Cybersecurity and Infrastructure Security Agency, in consultation with the Director, may enter into additional 1-year agreements described in paragraph (1) with agencies.

Not later than 270 days after the date of the enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency shall provide to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security and the Committee on Oversight and Reform of the House of Representatives a briefing on the parameters of any 1-year agreements entered into under subsection (d)(1).

Not later than 90 days after the date on which the first 1-year agreement entered into under subsection (d) expires, the Director of the Cybersecurity and Infrastructure Security Agency shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security and the Committee on Oversight and Reform of the House of Representatives a report on— the agreement; and any additional agreements entered into with agencies under subsection (d).