Sec. 25022. GAO CYBERSECURITY RECOMMENDATIONS
## SEC. 25022. GAO CYBERSECURITY RECOMMENDATIONS **[**[49 U.S.C. 301 note](/us/usc/t49/s301)**]**

### (a) Cybersecurity Risk Management

Not later than 3 years after the date of enactment of this Act, the Secretary shall implement the recommendation for the Department made by the Comptroller General of the United States in the report entitled “Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges”, numbered GAO-19-384, and dated July 2019—

(1) by developing a cybersecurity risk management strategy for the systems and information of the Department;

(2) by updating policies to address an organization-wide risk assessment; and

(3) by updating the processes for coordination between cybersecurity risk management functions and enterprise risk management functions.

### (b) Work Roles

Not later than 3 years after the date of enactment of this Act, the Secretary shall implement the recommendation of the Comptroller General of the United States in the report entitled “Cybersecurity Workforce: Agencies Need to Accurately Categorize Positions to Effectively Identify Critical Staffing Needs”, numbered GAO-19-144, and dated March 2019, by—

(1) reviewing positions in the Department; and

(2) assigning appropriate work roles in accordance with the National Initiative for Cybersecurity Education Cybersecurity Workforce Framework.

### (c) GAO Review

#### (1) Report

Not later than 18 months after the date of enactment of this Act, the Comptroller General of the United States shall submit to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Transportation and Infrastructure of the House of Representatives a report that examines the approach of the Department to managing cybersecurity for the systems and information of the Department.

#### (2) Contents

The report under paragraph (1) shall include an evaluation of—

(A) the roles, responsibilities, and reporting relationships of the senior officials of the Department with respect to cybersecurity at the components of the Department;

(B) the extent to which officials of the Department—

(i) establish requirements for, share information with, provide resources to, and monitor the performance of managers with respect to cybersecurity within the components of the Department; and

(ii) hold managers accountable for cybersecurity within the components of the Department; and

(C) other aspects of cybersecurity, as the Comptroller General of the United States determines to be appropriate.