Sec. 6. Additional guidance to agencies on FISMA updates
152 words·~1 min read·
/bill/118/s/2251/is/section-6A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 1 year after the date of enactment of this Act, the Director shall issue guidance for agencies on— performing the ongoing and continuous agency system risk assessment required under section 3554(a)(1)(A) of title 44, United States Code, as amended by this Act; and establishing a process for securely providing the status of each remedial action for high value assets under section 3554(b)(7) of title 44, United States Code, as amended by this Act, to the Director and the Director of the Cybersecurity and Infrastructure Security Agency using automation and machine-readable data, as practicable, which shall include— specific guidance for the use of automation and machine-readable data; and templates for providing the status of the remedial action.
The head of each agency shall coordinate with the inspector general of the agency, as applicable, to ensure consistent understanding of agency policies for the purpose of evaluations conducted by the inspector general.