Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · U.S. Code · Title 6 - DOMESTIC SECURITY · CHAPTER 6— CYBERSECURITY · SUBCHAPTER I— CYBERSECURITY INFORMATION SHARING · § 1506

§ 1506. Oversight of government activities

930 words·~4 min read·/usc/title-6/section-1506

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

(a)Report on implementation
(1)In general Not later than 1 year after December 18, 2015, the heads of the appropriate Federal entities shall jointly submit to Congress a detailed report concerning the implementation of this subchapter.
(2)Contents The report required by paragraph
(1)may include such recommendations as the heads of the appropriate Federal entities may have for improvements or modifications to the authorities, policies, procedures, and guidelines under this subchapter and shall include the following:
(A)An evaluation of the effectiveness of real-time information sharing through the capability and process developed under section 1504(c) of this title, including any impediments to such real-time sharing.
(B)An assessment of whether cyber threat indicators or defensive measures have been properly classified and an accounting of the number of security clearances authorized by the Federal Government for the purpose of sharing cyber threat indicators or defensive measures with the private sector.
(C)The number of cyber threat indicators or defensive measures received through the capability and process developed under section 1504(c) of this title.
(D)A list of Federal entities that have received cyber threat indicators or defensive measures under this subchapter.
(b)Biennial report on compliance
(1)In general Not later than 2 years after December 18, 2015 and not less frequently than once every 2 years thereafter, the inspectors general of the appropriate Federal entities, in consultation with the Inspector General of the Intelligence Community and the Council of Inspectors General on Financial Oversight, shall jointly submit to Congress an interagency report on the actions of the executive branch of the Federal Government to carry out this subchapter during the most recent 2-year period.
(2)Contents Each report submitted under paragraph
(1)shall include, for the period covered by the report, the following:
(A)An assessment of the sufficiency of the policies, procedures, and guidelines relating to the sharing of cyber threat indicators within the Federal Government, including those policies, procedures, and guidelines relating to the removal of information not directly related to a cybersecurity threat that is personal information of a specific individual or information that identifies a specific individual.
(B)An assessment of whether cyber threat indicators or defensive measures have been properly classified and an accounting of the number of security clearances authorized by the Federal Government for the purpose of sharing cyber threat indicators or defensive measures with the private sector.
(C)A review of the actions taken by the Federal Government based on cyber threat indicators or defensive measures shared with the Federal Government under this subchapter, including a review of the following:
(i)The appropriateness of subsequent uses and disseminations of cyber threat indicators or defensive measures.
(ii)Whether cyber threat indicators or defensive measures were shared in a timely and adequate manner with appropriate entities, or, if appropriate, were made publicly available.
(D)An assessment of the cyber threat indicators or defensive measures shared with the appropriate Federal entities under this subchapter, including the following:
(i)The number of cyber threat indicators or defensive measures shared through the capability and process developed under section 1504(c) of this title.
(ii)An assessment of any information not directly related to a cybersecurity threat that is personal information of a specific individual or information identifying a specific individual and was shared by a non-Federal government 1 entity with the Federal government 1 in contravention of this subchapter, or was shared within the Federal Government in contravention of the guidelines required by this subchapter, including a description of any significant violation of this subchapter.
(iii)The number of times, according to the Attorney General, that information shared under this subchapter was used by a Federal entity to prosecute an offense listed in section 1504(d)(5)(A) of this title.
(iv)A quantitative and qualitative assessment of the effect of the sharing of cyber threat indicators or defensive measures with the Federal Government on privacy and civil liberties of specific individuals, including the number of notices that were issued with respect to a failure to remove information not directly related to a cybersecurity threat that was personal information of a specific individual or information that identified a specific individual in accordance with the procedures required by section 1504(b)(3)(E) of this title.
(v)The adequacy of any steps taken by the Federal Government to reduce any adverse effect from activities carried out under this subchapter on the privacy and civil liberties of United States persons.
(E)An assessment of the sharing of cyber threat indicators or defensive measures among Federal entities to identify inappropriate barriers to sharing information.
(3)Recommendations Each report submitted under this subsection may include such recommendations as the inspectors general may have for improvements or modifications to the authorities and processes under this subchapter.
(c)Independent report on removal of personal information Not later than 3 years after December 18, 2015, the Comptroller General of the United States shall submit to Congress a report on the actions taken by the Federal Government to remove personal information from cyber threat indicators or defensive measures pursuant to this subchapter. Such report shall include an assessment of the sufficiency of the policies, procedures, and guidelines established under this subchapter in addressing concerns relating to privacy and civil liberties.
(d)Form of reports Each report required under this section shall be submitted in an unclassified form, but may include a classified annex.
(e)Public availability of reports The unclassified portions of the reports required under this section shall be made available to the public.
(Pub. L. 114–113, div. N, title I, § 107, Dec. 18, 2015, 129 Stat. 2951.)
Connections3 cite this · traces to 2
2 references not yet in our index
  • 1
  • 129 Stat. 2951
Citation graph
cites case law
§ 1506
Oversight of government activities
Pub. L.×1
Stat. Comp.×1
Stat.×1
U.S.C.§ 1504
Pub. L.Public Law 114-113
Cite1
Stat.129 Stat. 2951
Cites 4Cited by 3 across 3 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.