Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 119th Congress · S. 3315 (Introduced in Senate) — To require the Secretary of Health and Human Services and the Director of the Cybersecurity and Infrastructure Securi... · Sec. 5

Sec. 5. Cybersecurity incident response plan

353 words·~2 min read·/bill/119/s/3315/is/section-5

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Section 405 of the Cybersecurity Act of 2015 ( 6 U.S.C. 1533 ) is amended— in subsection (a)— in paragraph (4)— in the paragraph heading, by inserting after information system; ; and Federal entity; by inserting after information system , ; Federal entity , by redesignating paragraphs
(4)through
(7)as paragraphs
(6)through (9), respectively; and by inserting after paragraph
(3)the following: The term cybersecurity incident has the meaning given the term incident in section 3552 of title 44, United States Code. The term cybersecurity risk has the meaning given such term in section 2200 of the Homeland Security Act of 2002 ( 6 U.S.C. 650 ). ; and in subsection (d), by adding at the end the following: Not later than 1 year after the date of enactment of the Health Care Cybersecurity and Resiliency Act of 2025 , the Secretary shall develop and implement a cybersecurity incident response plan to inform applicable personnel within the Department of Health and Human Services of processes and protocols to prepare for, and respond to, cybersecurity incidents involving information, including hardware, software, databases, and networks, used or maintained by, or on behalf of, the Department, including strategies— to assess cybersecurity risks; to prevent cybersecurity incidents; to detect and identify cybersecurity incidents; to minimize damage in the event of a cybersecurity incident; to protect data; and to recover from any cybersecurity incidents expeditiously. In developing the plan under subparagraph (A), the Secretary shall consult with the Director of the Cybersecurity and Infrastructure Security Agency, the Director of the Office of Management and Budget, and the Director of the National Institute of Standards and Technology, and relevant experts, as appropriate. Not later than 60 days before the date on which the Secretary begins implementing the plan under subparagraph (A), the Secretary shall submit to the Committee on Health, Education, Labor, and Pensions and the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Energy and Commerce, the Committee on Oversight and Reform, and the Committee on Homeland Security of the House of Representatives a report that describes such plan. .
Connectionstraces to 2
Citation graph
cites case law
Sec. 5
Cybersecurity incident response plan
U.S.C.§ 1533
U.S.C.§ 650
Cites 2Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.