Code · BILL · 117th Congress · S. 2902 (Introduced in Senate) — To modernize Federal information security management, and for other purposes. · Sec. 204

Sec. 204. Data and logging retention for incident response

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Not later than 60 days after the date of enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency, in consultation with the Attorney General and the National Cyber Director, shall submit to the Director recommendations on requirements for logging events on agency systems and retaining other relevant data within the systems and networks of an agency.

The recommendations provided under subsection (a) shall include—
  the types of logs to be maintained;
  the time periods to retain the logs and other relevant data;
  the time periods for agencies to enable recommended logging and security requirements;
  how to ensure the confidentiality, integrity, and availability of logs;
  requirements to ensure that, upon request, agencies provide logs to—
    the Director of the Cybersecurity and Infrastructure Security Agency for a cybersecurity purpose; and
    the Federal Bureau of Investigation to investigate potential criminal activity; and
  ensuring the highest level security operations center of each agency has visibility into all agency logs.

Not later than 90 days after receiving the recommendations submitted under subsection (a), the Director, in consultation with the Director of the Cybersecurity and Infrastructure Security Agency and the Attorney General, shall promulgate guidance to agencies to establish requirements for logging, log retention, log management, and sharing of log data with other appropriate agencies.

Not later than 2 years after the date on which the Director of the Cybersecurity and Infrastructure Security Agency submits the recommendations required under subsection (a), and not less frequently than every 2 years thereafter, the Director of the Cybersecurity and Infrastructure Security Agency, in consultation with the Attorney General, shall evaluate the recommendations and provide an update on the recommendations to the Director as necessary.