Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 118th Congress · H.R. 2845 (Introduced in House) — To direct the Director of the Cybersecurity and Infrastructure Security Agency to establish a School Cybersecurity Im... · Sec. 3

Sec. 3. Cybersecurity incident registry

389 words·~2 min read·/bill/118/hr/2845/ih/section-3

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

The Director of the Cybersecurity and Infrastructure Security Agency shall establish, through partnerships with one or more information sharing and analysis organizations, a voluntary registry of information relating to cyber incidents affecting information technology systems owned or managed by a covered entity, and determine the scope of cyber incidents to be included in the registry and processes by which incidents can be reported for collection in the registry . Information in the registry established pursuant to subsection
(a)may be used to— improve data collection and coordination activities related to the nationwide monitoring of the incidence and impact of cyber incidents affecting a covered entity; conduct analyses regarding trends in cyber incidents against such entity; develop systematic approaches to assist such entity in preventing and responding to cyber incidents; increase the awareness and preparedness of a covered entity regarding the cybersecurity of such covered entity; and identify, prevent, or investigate cyber incidents targeting a covered entity. The Director of the Cybersecurity and Infrastructure Security Agency may collect information relating to cyber incidents to store in the registry established pursuant to subsection (a). Such information may be submitted by a covered entity and may include the following: The dates of each cyber incident, including the dates on which each such incident was initially detected and the dates on which each such incident was first publicly reported or disclosed to another entity. A description of each cyber incident, which shall include whether each such incident was as a result of a breach, malware, distributed denial of service attack, or other method designed to cause a vulnerability. The effects of each cyber incident, including descriptions of the type and size of each such incident. Other information determined relevant by the Director. The Director of the Cybersecurity and Infrastructure Security Agency shall make available on the School Cybersecurity Information Exchange established under section 2 an annual report relating to cyber incidents affecting elementary schools and secondary schools which includes data, and the analysis of such data, in a manner that— is— de-identified; and presented in the aggregate; and at a minimum, protects personal privacy to the extent required by applicable Federal and State privacy laws. In this section, the term covered entity means the following: An elementary school. A secondary school. A local educational agency. A State educational agency. An educational service agency.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.