Sec. 202. Mobile security standards
250 words·~1 min read·
/bill/117/s/2902/is/section-202A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 1 year after the date of enactment of this Act, the Director shall— evaluate mobile application security standards promulgated under section 11331(b) of title 44, United States Code; and issue guidance to implement mobile security standards in effect on the date of enactment of this Act promulgated under section 11331(b) of title 40, United States Code, including for mobile applications, for every agency. The guidance issued under subsection (a)(2) shall include— a requirement, pursuant to section 3506(b)(4) of title 44, United States Code, for every agency to maintain a continuous inventory of every— mobile device operated by or on behalf of the agency; mobile application installed on a mobile device described in subparagraph (A); and vulnerability identified by the agency associated with a mobile device or mobile application described in subparagraphs
(A)and (B); and a requirement for every agency to perform continuous evaluation of the vulnerabilities described in paragraph (1)(C) and other risks. The Director, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency, shall issue guidance to agencies for sharing the inventory of the agency required under subsection (b)(1) with the Director of the Cybersecurity and Infrastructure Security Agency, using automation and machine-readable data to the greatest extent practicable. Not later than 60 days after the date on which the Director issues guidance under subsection (a)(2), the Director, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency, shall provide to the appropriate congressional committees a briefing on the guidance.