Sec. 106. Additional guidance to agencies on FISMA updates
160 words·~1 min read·
/bill/117/s/3600/es/section-106A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 1 year after the date of enactment of this Act, the Director, in consultation with the Director of the Cybersecurity and Infrastructure Security Agency, shall issue guidance for agencies on— performing the ongoing and continuous agency system risk assessment required under section 3554(a)(1)(A) of title 44, United States Code, as amended by this title; implementing additional cybersecurity procedures, which shall include resources for shared services; establishing a process for providing the status of each remedial action under section 3554(b)(7) of title 44, United States Code, as amended by this title, to the Director and the Cybersecurity and Infrastructure Security Agency using automation and machine-readable data, as practicable, which shall include— specific guidance for the use of automation and machine-readable data; and templates for providing the status of the remedial action; and a requirement to coordinate with inspectors general of agencies to ensure consistent understanding and application of agency policies for the purpose of evaluations by inspectors general.