Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · PUBLIC-PRIVATE-LAW · 117th Congress · Public Law 117-259

Public Law 117-259. SBA Cyber Awareness Act

678 words·~3 min read·/plaw/117/public/259

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

An Act To require an annual report on the cybersecurity of the Small Business Administration, and for other purposes.Dec. 21, 2022[[H.R. 3462](/us/bill/117/hr/3462)] * Be it enacted by the Senate and House of Representa­tives of the United States of America in Congress assembled,* SBA Cyber Awareness Act.[15 USC 631 note](/us/usc/t15/s631). ## SECTION 1 SHORT TITLE This Act may be cited as the “SBA Cyber Awareness Act”. ## SEC. 2 CYBERSECURITY AWARENESS REPORTING China. ###
(a)In General Section 10 of the Small Business Act ( 15 U.S.C. 639 ) is amended by inserting after subsection
(a)the following: > > ### “(b) Cybersecurity Reports > > > #### “(1) Annual report > > Strategies. > > Not later than 180 days after the date of enactment of this subsection, and every year thereafter, the Administrator shall submit a report to the appropriate congressional committees that includes— > > > ##### “(A) > > a strategy to increase the cybersecurity of information technology infrastructure of the Administration; > > > ##### “(B) > > Plan. > > a supply chain risk management strategy and an implementation plan to address the risks of foreign manufactured information technology equipment utilized by the Administration, including specific risk mitigation activities for components originating from entities with principal places of business located in the People’s Republic of China; and > > > ##### “(C) > > an account of— > > > ###### “(i) > > Time periods. > > any incident that occurred at the Administration during the 2-year period preceding the date on which the first report is submitted, and, for subsequent reports, the 1-year period preceding the date of submission; and > > > ###### “(ii) > > any action taken by the Administrator to respond to or remediate any such incident. > > > #### “(2) FISMA reports > > Each report required under paragraph
(1)may be submitted as part of the report required under [section 3554 of title 44, United States Code](/us/usc/t44/s3554). > > > #### “(3) Rule of construction > > Nothing in this subsection shall be construed to affect the reporting requirements of the Administrator under [chapter 35 of title 44, United States Code](/us/usc/t44/ch35), in particular the requirement to notify the Federal information security incident center under section 3554(b)(7)(C)(ii) of such title, any guidance issued by the Office of Management and Budget, or any other provision of law or Federal policy.136 STAT. 2388 > > > #### “(4) Definitions > > In this subsection: > > > ##### “(A) Appropriate congressional committees > > The term ‘**appropriate congressional committees**’ means— > > > ###### “(i) > > the Committee on Small Business and Entrepreneurship of the Senate; > > > ###### “(ii) > > the Committee on Homeland Security and Governmental Affairs of the Senate; > > > ###### “(iii) > > the Committee on Small Business of the House of Representatives; and > > > ###### “(iv) > > the Committee on Oversight and Reform of the House of Representatives. > > > ##### “(B) Incident > > The term ‘**incident**’ has the meaning given the term in [section 3552 of title 44, United States Code](/us/usc/t44/s3552). > > > ##### “(C) Information technology > > The term ‘**information technology**’ has the meaning given the term in [section 3502 of title 44, United States Code](/us/usc/t44/s3502).” > . ###
(b)Report Not later than 1 year after the date of enactment of this Act, the Administrator of the Small Business Administration shall, to the greatest extent practicable, provide to the Committee on Small Business and Entrepreneurship of the Senate, the Committee on Homeland Security and Governmental Affairs of the Senate, the Committee on Small Business of the House of Representatives, and the Committee on Oversight and Reform of the House of Representatives a detailed account of information technology (as defined in [section 3502 of title 44, United States Code](/us/usc/t44/s3502)) of the Small Business Administration that was manufactured by an entity that has its principal place of business located in the People’s Republic of China. Approved December 21, 2022.
Connections6 cite this · traces to 2
Citation graph
cites case law
Public Law 117-259
SBA Cyber Awareness Act
Stat.×3
U.S.C.×3
U.S.C.§ 631
U.S.C.§ 639
Cites 2Cited by 6 across 2 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.