Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · U.S. Code · Title 42 - THE PUBLIC HEALTH AND WELFARE · CHAPTER 162— ENERGY INFRASTRUCTURE · SUBCHAPTER I— GRID INFRASTRUCTURE AND RESILIENCY · § 18725

§ 18725. Cybersecurity plan

524 words·~2 min read·/usc/title-42/section-18725

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

(a)In general The Secretary may require, as the Secretary determines appropriate, a recipient of any award or other funding under this division—
(1)to submit to the Secretary, prior to the issuance of the award or other funding, a cybersecurity plan that demonstrates the cybersecurity maturity of the recipient in the context of the project for which that award or other funding was provided; and
(2)establish a plan for maintaining and improving cybersecurity throughout the life of the proposed solution of the project.
(b)Contents of cybersecurity plan A cybersecurity plan described in subsection
(a)shall, at a minimum, describe how the recipient described in that subsection—
(1)plans to maintain cybersecurity between networks, systems, devices, applications, or components—
(A)within the proposed solution of the project; and
(B)at the necessary external interfaces at the proposed solution boundaries;
(2)will perform ongoing evaluation of cybersecurity risks to address issues as the issues arise throughout the life of the proposed solution;
(3)will report known or suspected network or system compromises of the project to the Secretary; and
(4)will leverage applicable cybersecurity programs of the Department, including cyber vulnerability testing and security engineering evaluations.
(c)Additional guidance Each recipient described in subsection
(a)should—
(1)maximize the use of open guidance and standards, including, wherever possible—
(A)the Cybersecurity Capability Maturity Model of the Department (or a successor model); and
(B)the Framework for Improving Critical Infrastructure Cybersecurity of the National Institute of Standards and Technology; and
(2)document—
(A)any deviation from open standards; and
(B)the utilization of proprietary standards where the recipient determines that such deviation necessary.
(d)Coordination The Office of Cybersecurity, Energy Security, and Emergency Response of the Department shall review each cybersecurity plan submitted under subsection
(a)to ensure integration with Department research, development, and demonstration programs.
(e)Protection of information Information provided to, or collected by, the Federal Government pursuant to this section the disclosure of which the Secretary reasonably foresees could be detrimental to the physical security or cybersecurity of any electric utility or the bulk-power system—
(1)shall be exempt from disclosure under section 552(b)(3) of title 5; and
(2)shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.
(Pub. L. 117–58, div. D, title I, § 40126, Nov. 15, 2021, 135 Stat. 956.)
Connections3 cite this · traces to 3
2 references not yet in our index
  • 135 Stat. 956
  • 135 Stat. 923
Citation graph
cites case law
§ 18725
Cybersecurity plan
Pub. L.×1
Stat. Comp.×1
Stat.×1
U.S.C.§ 552
Pub. L.Public Law 117-58
U.S.C.§ 18851
Stat.135 Stat. 956
Stat.135 Stat. 923
Cites 5Cited by 3 across 3 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.