Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · U.S. Code · Title 42 - THE PUBLIC HEALTH AND WELFARE · CHAPTER 163— RESEARCH AND DEVELOPMENT, COMPETITION, AND INNOVATION · SUBCHAPTER II— NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY FOR THE FUTURE · § 18933

§ 18933. Software security and authentication

293 words·~1 min read·/usc/title-42/section-18933

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

(a)Vulnerabilities in open source software The Director shall assign severity metrics to identified vulnerabilities with open source software and produce voluntary guidance to assist the entities that maintain open source software repositories to discover and mitigate vulnerabilities.
(b)Artificial intelligence-enabled defenses The Director shall carry out research and testing to improve the effectiveness of artificial intelligence-enabled cybersecurity, including by generating optimized data sets to train artificial intelligence defense systems and evaluating the performance of varying network architectures at strengthening network security.
(c)Authentication of Institute software The Director shall ensure all software released by the Institute is digitally signed and maintained to enable stakeholders to verify its authenticity and integrity upon installation and execution.
(d)Assistance to Inspectors General Subject to available funding, the Director shall provide technical assistance to improve the education and training of individual Federal agency Inspectors General and staff who are responsible for the annual independent evaluation they are required to perform of the information security program and practices of Federal agencies under section 3555 of title 44.
(e)Software supply chain security practices
(1)In general The Director shall, in coordination with industry, academia, and other Federal agencies, as appropriate, develop a set of security outcomes and practices, including security controls, control enhancements, supplemental guidance, or other supporting information to enable software developers and operators to identify, assess, and manage cybersecurity risks over the full lifecycle of software products.
(2)Outreach The Director shall conduct outreach and coordination activities to share technical expertise with Federal agencies, relevant industry stakeholders, and standards development organizations, as appropriate, to encourage the voluntary adoption of the software lifecycle security practices by Federal agencies and industry stakeholders.
(Pub. L. 117–167, div. B, title II, § 10224, Aug. 9, 2022, 136 Stat. 1478.)
Connections3 cite this · traces to 2
1 reference not yet in our index
  • 136 Stat. 1478
Citation graph
cites case law
§ 18933
Software security and authentication
Pub. L.×1
Stat. Comp.×1
Stat.×1
U.S.C.§ 3555
Pub. L.Public Law 117-167
Stat.136 Stat. 1478
Cites 3Cited by 3 across 3 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.