Sec. 5. Penetration testing reports
H.R. 8403 (117th Congress), as introduced in the House, Section 5
(a)

(1) Not later than one year after the date of the enactment of this Act and annually thereafter, the Director shall aggregate and review the results of the penetration testing provided to the Director under section 3(a)(1)(B).

(2) Not later than 180 days after each review under paragraph (1), the Director, based on such review, shall provide to each agency a report containing the following:

(A) A summary of the results of such review, including an identification of risks and other results common across agencies.

(B) An assessment, based on the document entitled Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy (National Institute of Standards and Technology Special Publication 800–37, Revision 2; December 2018) or a successor document, of the severity of risks identified under subparagraph (A).

(C) An analysis of the duration of time that such risks have existed.

(D) Recommendations for mitigating such risks, which prioritize risks assessed as the highest severity pursuant to subparagraph (B).

(3) Not later than 180 days after each report provided under paragraph (2), the Director shall submit to Congress a report that contains—

(A) a summary of the report provided under such paragraph; and

(B) recommendations for legislative action relating to the matters referred to in such paragraph.

(b) Not later than 180 days after the date of the enactment of this Act, the Comptroller General of the United States shall submit to Congress a report on penetration testing, which shall include the following:

(1) An identification of which departments or agencies are obligating and expending funds on penetration testing and how such funds are being used, including whether such funds are being used on independent penetration testing.

(2) Recommendations for legislative action regarding additional authority or resources needed by departments or agencies to conduct penetration testing more effectively, including with respect to independent penetration testing.