Sec. 7. CONTRACTOR COMPLIANCE WITH COORDINATED DISCLOSURE OF SECURITY VULNERABILITIES RELATING TO AGENCY INTERNET OF THINGS DEVICES
481 words·~2 min read·
/statute-compilations/comps-15863/sec-7A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 7 CONTRACTOR COMPLIANCE WITH COORDINATED DISCLOSURE OF SECURITY VULNERABILITIES RELATING TO AGENCY INTERNET OF THINGS DEVICES **[**[15 U.S.C. 278g-3e](/us/usc/t15/s278g-3e)**]** ###
(a)Prohibition on Procurement and Use ####
(1)In general The head of an agency is prohibited from procuring or obtaining, renewing a contract to procure or obtain, or using an Internet of Things device, if the Chief Information Officer of that agency determines during a review required by section 11319(b)(1)(C) of title 40, United States Code, of a contract for such device that the use of such device prevents compliance with the standards and guidelines developed under section 4 or the guidelines published under section 5 with respect to such device. ####
(2)Simplified acquisition threshold Notwithstanding section 1905 of title 41, United States Code, the requirements under paragraph
(1)shall apply to a contract or subcontract in amounts not greater than the simplified acquisition threshold. ###
(b)Waiver ####
(1)Authority The head of an agency may waive the prohibition under subsection (a)(1) with respect to an Internet of Things device if the Chief Information Officer of that agency determines that— #####
(A)the waiver is necessary in the interest of national security; #####
(B)procuring, obtaining, or using such device is necessary for research purposes; or #####
(C)such device is secured using alternative and effective methods appropriate to the function of such device. ####
(2)Agency process The Director of OMB shall establish a standardized process for the Chief Information Officer of each agency to follow in determining whether the waiver under paragraph
(1)may be granted. ###
(c)Reports to Congress ####
(1)Report Every 2 years during the 6-year period beginning on the date of the enactment of this Act, the Comptroller General of the United States shall submit to the Committee on Oversight and Reform of the House of Representatives, the Committee on Homeland Security of the House of Representatives, and the Committee on Homeland Security and Governmental Affairs of the Senate a report— #####
(A)on the effectiveness of the process established under subsection (b)(2); #####
(B)that contains recommended best practices for the procurement of Internet of Things devices; and #####
(C)that lists— ######
(i)the number and type of each Internet of Things device for which a waiver under subsection (b)(1) was granted during the 2-year period prior to the submission of the report; and ######
(ii)the legal authority under which each such waiver was granted, such as whether the waiver was granted pursuant to subparagraph (A), (B), or
(C)of such subsection. ####
(2)Classification of report Each report submitted under this subsection shall be submitted in unclassified form, but may include a classified annex that contains the information described under paragraph (1)(C). ###
(d)Effective Date The prohibition under subsection (a)(1) shall take effect 2 years after the date of the enactment of this Act.
Connectionstraces to 1
Citation graph
cites case law
Sec. 7
CONTRACTOR COMPLIANCE WITH COORDINATED DISCLOSURE OF SECURITY VULNERABILITIES RELATING TO AGENCY INTERNET OF THINGS DEVICES
Cites 1Cited by 0 across 0 sources