Sec. 105. Actions to enhance Federal incident transparency
761 words·~3 min read·
/bill/117/s/3600/es/section-105A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 180 days after the date of enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency shall— develop a plan for the development of the analysis required under section 3597(a) of title 44, United States Code, as added by this title, and the report required under subsection
(b)of that section that includes— a description of any challenges the Director of the Cybersecurity and Infrastructure Security Agency anticipates encountering; and the use of automation and machine-readable formats for collecting, compiling, monitoring, and analyzing data; and provide to the appropriate congressional committees a briefing on the plan developed under subparagraph (A). Not later than 1 year after the date of enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency shall provide to the appropriate congressional committees a briefing on— the execution of the plan required under paragraph (1)(A); and the development of the report required under section 3597(b) of title 44, United States Code, as added by this title. Section 2 of the Federal Information Security Modernization Act of 2014 ( 44 U.S.C. 3554 note) is amended— by striking subsection (b); and by redesignating subsections
(c)through
(f)as subsections
(b)through (e), respectively. The Director shall develop guidance, to be updated not less frequently than once every 2 years, on the content, timeliness, and format of the information provided by agencies under section 3594(a) of title 44, United States Code, as added by this title. The guidance developed under subparagraph
(A)shall— prioritize the availability of data necessary to understand and analyze— the causes of incidents; the scope and scale of incidents within the environments and systems of an agency; a root cause analysis of incidents that— are common across the Federal Government; or have a Government-wide impact; agency response, recovery, and remediation actions and the effectiveness of those actions; and the impact of incidents; enable the efficient development of— lessons learned and recommendations in responding to, recovering from, remediating, and mitigating future incidents; and the report on Federal incidents required under section 3597(b) of title 44, United States Code, as added by this title; include requirements for the timeliness of data production; and include requirements for using automation and machine-readable data for data sharing and availability. Not later than 1 year after the date of enactment of this Act, the Director shall develop guidance for agencies to implement the requirement under section 3594(c) of title 44, United States Code, as added by this title, to provide information to other agencies experiencing incidents. Not later than 1 year after the date of enactment of this Act, the Director, in consultation with the Director of the Cybersecurity and Infrastructure Security Agency, shall develop guidance and templates, to be reviewed and, if necessary, updated not less frequently than once every 2 years, for use by Federal agencies in the activities required under sections 3592, 3593, and 3596 of title 44, United States Code, as added by this title. Not later than 1 year after the date of enactment of this Act, the Director, in coordination with the Secretary of Homeland Security, the Secretary of Defense, the Administrator of General Services, and the heads of other agencies determined appropriate by the Director, shall issue guidance to Federal agencies on how to deconflict, to the greatest extent practicable, existing regulations, policies, and procedures relating to the responsibilities of contractors and awardees established under section 3595 of title 44, United States Code, as added by this title. To the greatest extent practicable, the guidance issued under subparagraph
(A)shall allow contractors and awardees to use existing processes for notifying Federal agencies of incidents involving information of the Federal Government. Not less frequently than once every 2 years, the Director shall provide to the appropriate congressional committees an update on the guidance and templates developed under paragraphs
(2)through (4). Section 552a(b) of title 5, United States Code (commonly known as the Privacy Act of 1974 ) is amended— in paragraph (11), by striking or at the end; in paragraph (12), by striking the period at the end and inserting ; or ; and by adding at the end the following: to another agency in furtherance of a response to an incident (as defined in section 3552 of title 44) and pursuant to the information sharing requirements in section 3594 of title 44 if the head of the requesting agency has made a written request to the agency that maintains the record specifying the particular portion desired and the activity for which the record is sought. .
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 105
Actions to enhance Federal incident transparency
Cites 1Cited by 0 across 0 sources