Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 117th Congress · S. 3600 (Engrossed in Senate) — To improve the cybersecurity of the Federal Government, and for other purposes. · Sec. 205

Sec. 205. Ransomware vulnerability warning pilot program

331 words·~2 min read·/bill/117/s/3600/es/section-205·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Not later than 1 year after the date of enactment of this Act, the Director shall establish a ransomware vulnerability warning pilot program to leverage existing authorities and technology to specifically develop processes and procedures for, and to dedicate resources to, identifying information systems that contain security vulnerabilities associated with common ransomware attacks, and to notify the owners of those vulnerable systems of their security vulnerability. The pilot program established under subsection
(a)shall— identify the most common security vulnerabilities utilized in ransomware attacks and mitigation techniques; and utilize existing authorities to identify information systems that contain the security vulnerabilities identified in paragraph (1). If the Director is able to identify the entity at risk that owns or operates a vulnerable information system identified in subsection (b), the Director may notify the owner of the information system. If the Director is not able to identify the entity at risk that owns or operates a vulnerable information system identified in subsection (b), the Director may utilize the subpoena authority pursuant to section 2209 of the Homeland Security Act of 2002 ( 6 U.S.C. 659 ) to identify and notify the entity at risk pursuant to the procedures under that section. A notification made under paragraph
(1)shall include information on the identified security vulnerability and mitigation techniques. To the extent practicable, the Director shall prioritize covered entities for identification and notification activities under the pilot program established under this section. No procedure, notification, or other authorities utilized in the execution of the pilot program established under subsection
(a)shall require an owner or operator of a vulnerable information system to take any action as a result of a notice of a security vulnerability made pursuant to subsection (c). Nothing in this section shall be construed to provide additional authorities to the Director to identify vulnerabilities or vulnerable systems. The pilot program established under subsection
(a)shall terminate on the date that is 4 years after the date of enactment of this Act.
Connectionstraces to 1
Citation graph
cites case law
Sec. 205
Ransomware vulnerability warning pilot program
U.S.C.§ 659
Cites 1Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.