Sec. 5. Actions to enhance Federal incident transparency
543 words·~2 min read·
/bill/118/s/2251/is/section-5A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 180 days after the date of enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency shall— develop a plan for the development of the analysis required under section 3597(a) of title 44, United States Code, as added by this Act, and the report required under subsection
(b)of that section that includes— a description of any challenges the Director of the Cybersecurity and Infrastructure Security Agency anticipates encountering; and the use of automation and machine-readable formats for collecting, compiling, monitoring, and analyzing data; and provide to the appropriate congressional committees a briefing on the plan developed under subparagraph (A). Not later than 1 year after the date of enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency shall provide to the appropriate congressional committees a briefing on— the execution of the plan required under paragraph (1)(A); and the development of the report required under section 3597(b) of title 44, United States Code, as added by this Act. Section 2 of the Federal Information Security Modernization Act of 2014 ( Public Law 113–283 ; 128 Stat. 3073) is amended— by striking subsections
(b)and (d); and by redesignating subsections (c), (e), and
(f)as subsections (b), (c), and (d), respectively. The Director, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency, shall develop, and as appropriate update, guidance, on the content, timeliness, and format of the information provided by agencies under section 3594(a) of title 44, United States Code, as added by this Act. The guidance developed under subparagraph
(A)shall— enable the efficient development of— lessons learned and recommendations in responding to, recovering from, remediating, and mitigating future incidents; and the report on Federal incidents required under section 3597(b) of title 44, United States Code, as added by this Act; and include requirements for the timeliness of data production. The Director, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency, shall promote, as feasible, the use of automation and machine-readable data for data sharing under section 3594(a) of title 44, United States Code, as added by this Act. Not later than 1 year after the date of enactment of this Act, the Director shall issue guidance to agencies on how to deconflict, to the greatest extent practicable, existing regulations, policies, and procedures relating to the responsibilities of contractors and awardees established under section 3595 of title 44, United States Code, as added by this Act. To the greatest extent practicable, the guidance issued under subparagraph
(A)shall allow contractors and awardees to use existing processes for notifying agencies of incidents involving information of the Federal Government. Section 552a(b) of title 5, United States Code (commonly known as the Privacy Act of 1974 ) is amended— in paragraph (11), by striking or at the end; in paragraph (12), by striking the period at the end and inserting ; or ; and by adding at the end the following: to another agency, to the extent necessary, to assist the recipient agency in responding to an incident (as defined in section 3552 of title 44) or breach (as defined in section 3591 of title 44) or to fulfill the information sharing requirements under section 3594 of title 44. .
Connectionstraces to 1
Traces to 1 document
public-private-law
1 reference not yet in our index
- 128 Stat. 3073
Citation graph
cites case law
Cites 2Cited by 0 across 0 sources