Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 119th Congress · S. 3315 (Introduced in Senate) — To require the Secretary of Health and Human Services and the Director of the Cybersecurity and Infrastructure Securi... · Sec. 9

Sec. 9. Required cybersecurity standards

151 words·~1 min read·/bill/119/s/3315/is/section-9

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

The Secretary shall update the privacy, security, and breach notification regulations under parts 160 and 164 of title 45, Code of Federal Regulations (or any successor regulation) to require covered entities and business associates to adopt the following cybersecurity practices: Multifactor authentication, or a successor technology, for access to any information systems that may include protected health information. Safeguards to encrypt protected health information. Requirements to conduct audits, including penetration testing, to maintain the protections of information systems.
Other minimum cybersecurity standards, as determined by the Secretary, in consultation with private sector entities, based on landscape analysis of emerging and existing cybersecurity vulnerabilities and consensus-based best practices. The Secretary shall specify in the regulations the effective date for each of the new requirements under the regulations updated in accordance with subsection (a). Each such effective date shall provide reasonable time for the entities subject to the requirement to come into compliance.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.