Sec. 204. Federal sharing of incident reports
517 words·~2 min read·
/bill/117/s/3600/pcs/section-204A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Notwithstanding any other provision of law or regulation, any Federal agency, including any independent establishment (as defined in section 104 of title 5, United States Code), that receives a report from an entity of a cyber incident, including a ransomware attack, shall provide the report to the Agency as soon as possible, but not later than 24 hours after receiving the report, unless a shorter period is required by an agreement made between the Department of Homeland Security (including the Cybersecurity and Infrastructure Security Agency) and the recipient Federal agency.
The Director shall share and coordinate each report pursuant to section 2241(b) of the Homeland Security Act of 2002, as added by section 203 of this title. The requirements described in paragraph
(1)and section 2245(d) of the Homeland Security Act of 2002, as added by section 203 of this title, may not be construed to be a violation of any provision of law or policy that would otherwise prohibit disclosure or provision of information within the executive branch. The Director shall comply with any obligations of the recipient Federal agency described in paragraph
(1)to protect information, including with respect to privacy, confidentiality, or information security, if those obligations would impose greater protection requirements than this Act or the amendments made by this Act. This subsection shall take effect on the effective date of the final rule issued pursuant to section 2242(b) of the Homeland Security Act of 2002, as added by section 203 of this title. The Agency and any Federal agency, including any independent establishment (as defined in section 104 of title 5, United States Code) that receives incident reports from entities, including due to ransomware attacks, shall, as appropriate, enter into a documented agreement to establish policies, processes, procedures, and mechanisms to ensure reports are shared with the Agency pursuant to paragraph (1). To the maximum extent practicable, each documented agreement required under subparagraph
(A)shall be made publicly available. The documented agreements required by subparagraph
(A)shall require reports be shared from Federal agencies with the Agency in such time as to meet the overall timeline for covered entity reporting of covered cyber incidents and ransom payments established in section 2242 of the Homeland Security Act of 2002, as added by section 203 of this title. The Secretary of Homeland Security, acting through the Director, shall, in consultation with the Cyber Incident Reporting Council described in section 2246 of the Homeland Security Act of 2002, as added by section 203 of this title, to the maximum extent practicable— periodically review existing regulatory requirements, including the information required in such reports, to report incidents and ensure that any such reporting requirements and procedures avoid conflicting, duplicative, or burdensome requirements; and coordinate with appropriate Federal partners and regulatory authorities that receive reports relating to incidents to identify opportunities to streamline reporting processes, and where feasible, facilitate interagency agreements between such authorities to permit the sharing of such reports, consistent with applicable law and policy, without impacting the ability of the Agency to gain timely situational awareness of a covered cyber incident or ransom payment.