Sec. 3. Increasing proactive cybersecurity initiatives
H.R. 8403 (117th Congress), introduced version (IH), section 3. Research copy; for the controlling text, check the official federal source.
(a) The head of each department or agency shall carry out the following:
    (1)(A) Conduct regular penetration testing on the information systems (as described in paragraph (2)) of such department or agency.
    (B) Provide to the Director, the National Cyber Director, and the Director of the Office of Management and Budget a report on the results of such testing, including—
        (i) an identification of any risks discovered; and
        (ii) a description of how cybersecurity at such department or agency may be improved.
    (2) For purposes of paragraph (1)(A), an information system of an agency to be tested is one described as moderate- or high-impact in the document titled Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy (National Institute of Standards and Technology Special Publication 800-37, Revision 2; December 2018) or in a successor document.
(b) Not later than one year after the date of the enactment of this Act, the Director, in consultation with the Secretary of Defense, the National Cyber Director, the Director of National Intelligence, the Secretary of Homeland Security, and the head of any other department or agency the Director determines appropriate, shall issue guidance to facilitate the implementation of subsection (a), which shall include the following:
    (1) Information regarding how departments and agencies are to utilize independent penetration testing carried out by another department or agency, a national laboratory, or a private entity.
    (2) Recommendations regarding how best to utilize, within the budget of an agency, penetration testing, including independent penetration testing.
    (3) Recommendations for minimum rules of engagement.
(c)(1) Not later than one year after the date of the enactment of this Act, the Director shall submit to the appropriate congressional committees a report that includes the following:
    (A) An analysis of whether increased engagement is needed from national laboratories and the private sector to assist with the protection of the information systems of agencies through the use of the following:
        (i) Active defense techniques.
        (ii) Deception technologies.
        (iii) Penetration testing.
    (B) An analysis of the feasibility and benefits of consolidating within the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security proactive cybersecurity initiatives.
    (C) An analysis of whether the Director requires additional authorities or resources to carry out proactive cybersecurity initiatives for agencies.
    (2) In this subsection, the term "appropriate congressional committees" means—
        (A) with respect to the House of Representatives—
            (i) the Committee on Appropriations;
            (ii) the Committee on Armed Services;
            (iii) the Committee on Homeland Security;
            (iv) the Committee on the Judiciary;
            (v) the Committee on Oversight and Reform; and
            (vi) the Permanent Select Committee on Intelligence; and
        (B) with respect to the Senate—
            (i) the Committee on Appropriations;
            (ii) the Committee on Armed Services;
            (iii) the Committee on Homeland Security and Governmental Affairs;
            (iv) the Committee on the Judiciary; and
            (v) the Select Committee on Intelligence.