Sec. 1545. STRATEGY
788 words·~4 min read·
/statute-compilations/comps-16861/sec-1545A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 1545 STRATEGY Section 2210 of the Homeland Security Act of 2002 (6 U.S.C. 660) is amended by adding at the end the following new subsection: > > ### “(e) Homeland Security Strategy to Improve the Cybersecurity of State, Local, Tribal, and Territorial Governments > > > #### “(1) In general > > > ##### “(A) Requirement > > Not later than one year after the date of the enactment of this subsection, the Secretary, acting through the Director, shall, in coordination with the heads of appropriate Federal agencies, State, local, Tribal, and territorial governments, and other stakeholders, as appropriate, develop and make publicly available a Homeland Security Strategy to Improve the Cybersecurity of State, Local, Tribal, and Territorial Governments. > > > ##### “(B) Recommendations and requirements > > The strategy required under subparagraph
(A)shall provide recommendations relating to the ways in which the Federal Government should support and promote the ability of State, local, Tribal, and territorial governments to identify, mitigate against, protect against, detect, respond to, and recover from cybersecurity risks (as such term is defined in section 2209), cybersecurity threats, and incidents (as such term is defined in section 2209). > > > #### “(2) Contents > > The strategy required under paragraph
(1)shall— > > > ##### “(A) > > identify capability gaps in the ability of State, local, Tribal, and territorial governments to identify, protect against, detect, respond to, and recover from cybersecurity risks, cybersecurity threats, incidents, and ransomware incidents; > > > ##### “(B) > > identify Federal resources and capabilities that are available or could be made available to State, local, Tribal, and territorial governments to help those governments identify, protect against, detect, respond to, and recover from cybersecurity risks, cybersecurity threats, incidents, and ransomware incidents; > > > ##### “(C) > > identify and assess the limitations of Federal resources and capabilities available to State, local, Tribal, and territorial governments to help those governments identify, protect against, detect, respond to, and recover from cybersecurity risks, cybersecurity threats, incidents, and ransomware incidents and make recommendations to address such limitations; > > > ##### “(D) > > identify opportunities to improve the coordination of the Agency with Federal and non-Federal entities, such as the Multi-State Information Sharing and Analysis Center, to improve— > > > ###### “(i) > > incident exercises, information sharing and incident notification procedures; > > > ###### “(ii) > > the ability for State, local, Tribal, and territorial governments to voluntarily adapt and implement guidance in Federal binding operational directives; and > > > ###### “(iii) > > opportunities to leverage Federal schedules for cybersecurity investments under section 502 of title 40, United States Code; > > > ##### “(E) > > recommend new initiatives the Federal Government should undertake to improve the ability of State, local, Tribal, and territorial governments to identify, protect against, detect, respond to, and recover from cybersecurity risks, cybersecurity threats, incidents, and ransomware incidents; > > > ##### “(F) > > set short-term and long-term goals that will improve the ability of State, local, Tribal, and territorial governments to identify, protect against, detect, respond to, and recover from cybersecurity risks, cybersecurity threats, incidents, and ransomware incidents; and > > > ##### “(G) > > set dates, including interim benchmarks, as appropriate for State, local, Tribal, and territorial governments to establish baseline capabilities to identify, protect against, detect, respond to, and recover from cybersecurity risks, cybersecurity threats, incidents, and ransomware incidents. > > > #### “(3) Considerations > > In developing the strategy required under paragraph (1), the Director, in coordination with the heads of appropriate Federal agencies, State, local, Tribal, and territorial governments, and other stakeholders, as appropriate, shall consider— > > > ##### “(A) > > lessons learned from incidents that have affected State, local, Tribal, and territorial governments, and exercises with Federal and non-Federal entities; > > > ##### “(B) > > the impact of incidents that have affected State, local, Tribal, and territorial governments, including the resulting costs to such governments; > > > ##### “(C) > > the information related to the interest and ability of state and non-state threat actors to compromise information systems (as such term is defined in section 102 of the Cybersecurity Act of 2015 (6 U.S.C. 1501)) owned or operated by State, local, Tribal, and territorial governments; and > > > ##### “(D) > > emerging cybersecurity risks and cybersecurity threats to State, local, Tribal, and territorial governments resulting from the deployment of new technologies. > > > #### “(4) Exemption > > Chapter 35 of title 44, United States Code (commonly known as the ‘Paperwork Reduction Act’), shall not apply to any action to implement this subsection.” > .
Connectionstraces to 2
Traces to 2 documents
Citation graph
cites case law
Cites 2Cited by 0 across 0 sources