Sec. 9. Implementing zero trust architecture
/bill/118/hr/4552/rh/section-9
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 1 year after the date of enactment of this Act, the Director shall provide to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committees on Oversight and Accountability and Homeland Security of the House of Representatives a briefing on progress in increasing the internal defenses of agency systems, including— shifting away from trusted networks to implement security controls based on a presumption of compromise, including through the transition to zero trust architecture; implementing principles of least privilege in administering information security programs; limiting the ability of entities that cause incidents to move laterally through or between agency systems; identifying incidents quickly; isolating and removing unauthorized entities from agency systems as quickly as practicable, accounting for intelligence or law enforcement purposes; and otherwise increasing the resource costs for entities that cause incidents to be successful.
As a part of each report required to be submitted under section 3553(c) of title 44, United States Code, during the period beginning on the date that is 4 years after the date of enactment of this Act and ending on the date that is 10 years after the date of enactment of this Act, the Director shall include an update on agency implementation of zero trust architecture, which shall include— a description of steps agencies have completed, including progress toward achieving any requirements issued by the Director, including the adoption of any models or reference architecture; an identification of activities that have not yet been completed and that would have the most immediate security impact; and a schedule to implement any planned activities.
Each update required under subsection (b) may include 1 or more annexes that contain classified or other sensitive information, as appropriate.
Not later than 1 year after the date of enactment of this Act, the Secretary of Defense shall provide to the Committee on Homeland Security and Governmental Affairs of the Senate, the Committee on Oversight and Accountability of the House of Representatives, the Committee on Armed Services of the Senate, the Committee on Armed Services of the House of Representatives, the Select Committee on Intelligence of the Senate, and the Permanent Select Committee on Intelligence of the House of Representatives a briefing on the implementation of zero trust architecture with respect to national security systems.
Not later than the date on which each update is required to be submitted under subsection (b), the Secretary of Defense shall submit to the congressional committees described in paragraph (1) a progress report on the implementation of zero trust architecture with respect to national security systems.