Sec. 104. CYBERSECURITY RESEARCH
542 words·~2 min read·
/statute-compilations/comps-12678/sec-104A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 104 CYBERSECURITY RESEARCH ###
(a)Foundation Cybersecurity Research Section 4(a)(1) of the Cyber Security Research and Development Act, as amended (15 U.S.C. 7403(a)(1)) is amended— ####
(1)in subparagraph (O), by striking “and” at the end; ####
(2)in subparagraph (P), by striking the period at the end and inserting a semicolon; and ####
(3)by adding at the end the following: > > ##### “(Q) > > security of election-dedicated voting system software and hardware; and > > > ##### “(R) > > role of the human factor in cybersecurity and the interplay of computers and humans and the physical world.” > . ###
(b)NIST Cybersecurity Priorities **[**[15 U.S.C. 272 note](/us/usc/t15/s272)**]** ####
(1)Critical infrastructure awareness The Director of NIST shall continue to raise public awareness of the voluntary, industry-led cybersecurity standards and best practices for critical infrastructure developed under section 2(c)(15) of the National Institute of Standards and Technology Act (15 U.S.C. 272(c)(15)). ####
(2)Quantum computing Under section 2(b) of the National Institute of Standards and Technology Act (15 U.S.C. 272(b)) and section 20 of that Act (15 U.S.C. 278g-3), the Director of NIST shall— #####
(A)research information systems for future cybersecurity needs; and #####
(B)coordinate with relevant stakeholders to develop a process— ######
(i)to research and identify or, if necessary, develop cryptography standards and guidelines for future cybersecurity needs, including quantum-resistant cryptography standards; and ######
(ii)to provide recommendations to Congress, Federal agencies, and industry consistent with the National Technology Transfer and Advancement Act of 1995 (Public Law 104-113; 110 Stat. 775), for a secure and smooth transition to the standards under clause (i). ####
(3)Federal information systems research and development Section 20(d)(3) of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3(d)(3)) is amended to read as follows: > > #### “(3) > > conduct research and analysis— > > > ##### “(A) > > to determine the nature and extent of information security vulnerabilities and techniques for providing cost-effective information security; > > > ##### “(B) > > to review and determine prevalent information security challenges and deficiencies identified by agencies or the Institute, including any challenges or deficiencies described in any of the annual reports under section 3553 or 3554 of title 44, United States Code, and in any of the reports and the independent evaluations under section 3555 of that title, that may undermine the effectiveness of agency information security programs and practices; and > > > ##### “(C) > > to evaluate the effectiveness and sufficiency of, and challenges to, Federal agencies’ implementation of standards and guidelines developed under this section and policies and standards promulgated under section 11331 of title 40, United States Code;” > . ####
(4)Voting Section 2(c) of the National Institute of Standards and Technology Act (15 U.S.C. 272(c)) is amended— #####
(A)by redesignating paragraphs
(16)through
(23)as paragraphs
(17)through (24), respectively; and #####
(B)by inserting after paragraph
(15)the following: > > #### “(16) > > perform research to support the development of voluntary, consensus-based, industry-led standards and recommendations on the security of computers, computer networks, and computer data storage used in election systems to ensure voters can vote securely and privately.” > .
Connectionstraces to 4
Traces to 4 documents
U.S. Code
1 reference not yet in our index
- Pub. L. 104-113
Citation graph
cites case law
Sec. 104
CYBERSECURITY RESEARCH
Pub. L.Pub. L. 104-113
Cites 5Cited by 0 across 0 sources