Get e-book Issues in Homeland Security Policy for the 112th Congress

Free download. Book file PDF easily for everyone and every device. You can download and read online Issues in Homeland Security Policy for the 112th Congress file PDF Book only if you are registered here. And also you can download or read online all Book PDF file that related with Issues in Homeland Security Policy for the 112th Congress book. Happy reading Issues in Homeland Security Policy for the 112th Congress Bookeveryone. Download file Free Book PDF Issues in Homeland Security Policy for the 112th Congress at Complete PDF Library. This Book have some digital formats such us :paperbook, ebook, kindle, epub, fb2 and another formats. Here is The CompletePDF Book Library. It's free to register here to get Book file PDF Issues in Homeland Security Policy for the 112th Congress Pocket Guide.

The Secretary of Defense, the Director of the Central Intelligence Agency, and the Director of National Intelligence shall carry out their responsibilities under this subsection in coordination with the Secretary and share relevant information in a timely manner with the Secretary relating to the security of agency information and information systems, including systems described in paragraphs 2 , 3 , and 4 , to enable the Secretary to carry out the responsibilities set forth in this section and to maintain comprehensive situational awareness regarding information security incidents, threats, and vulnerabilities affecting agency information systems, consistent with standards and guidelines for national security systems, issued in accordance with law and as directed by the President.

The head of each agency shall develop, document, and implement an agencywide information security program, which shall be reviewed under section b 2 , to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source, which shall include—.

Counterterrorism & Intelligence (112th Congress)

Notwithstanding any other provision of law, the head of each agency is authorized to allow the Secretary, or a private entity providing assistance to the Secretary under section , to acquire, intercept, retain, use, and disclose communications, system traffic, records, or other information transiting to or from or stored on an agency information system for the purpose of protecting agency information and information systems from information security threats or mitigating the threats in connection with the implementation of the information security capabilities authorized by paragraph 3 or 4 of section b.

Except as provided in subsection c , the Secretary shall conduct periodic assessments of the information security programs and practices of agencies based on the annual agency reports required under section c , the annual independent evaluations required under section , the results of any continuous monitoring, and other available information. Each assessment conducted under subsection a shall—. A periodic assessment conducted under subsection a relating to a national security system shall be prepared as directed by the President.

Periodic assessments conducted under subsection a shall be prepared in accordance with governmentwide reporting requirements by—. Each assessment conducted under subsection a that relates, in whole or in part, to the information systems of an agency shall be made available to the head of the agency.

In conducting assessments under subsection a , the Secretary shall take appropriate actions to ensure the protection of information which, if disclosed, may adversely affect information security. Such protections shall be commensurate with the risk and comply with all applicable laws and policies. The Secretary, in coordination with the Secretary of Defense, the Director of the Central Intelligence Agency, and the Director of National Intelligence, shall evaluate and submit to Congress an annual report on the adequacy and effectiveness of the information security programs and practices assessed under this section.

Not less than once every 2 years, an independent evaluation shall be performed of the information security program and practices of each agency in accordance with the guidance developed under subsection d to determine the effectiveness of the programs and practices in addressing risk. Each evaluation performed under subsection a shall include—. An evaluation of an agency under subsection a shall be performed by—.


  1. Il Selettore (Italian Edition)!
  2. William James on Religion (Philosophers in Depth).
  3. Crímenes para una exposición (Spanish Edition)?

The Council of Inspectors General on Integrity and Efficiency, in consultation with the Secretary, the Comptroller General of the United States, and the Director of the National Institute of Standards and Technology, shall issue and maintain guidance for performing timely, cost-effective, and risk-based evaluations under subsection a.

The official or entity performing an evaluation of an agency under subsection a shall submit to Congress, the agency, and the Comptroller General of the United States a report regarding the evaluation. The head of the agency shall provide to the Secretary a report received under this subsection. An evaluation under subsection a of a national security system shall be performed as directed by the President.

Site-wide navigation

The Comptroller General of the United States shall periodically evaluate and submit to Congress reports on—. The head of each agency operating or exercising control of a national security system shall be responsible for ensuring that the agency—. Nothing in this subchapter shall be construed to alter or amend any law regarding the authority of any head of an agency over the agency. The table of sections for chapter 35 of title 44 is amended by striking the matter relating to subchapters II and III and inserting the following:.

About Interagency Cooperation | Arthur D. Simons Center

Federal information security authority and coordination. Agency responsibilities. Annual assessments. Independent evaluations. National security systems. Section of title 40, United States Code, is amended to read as follows:.

Issues in Homeland Security Policy for the 112th Congress

The term Federal information system means an information system used or operated by an executive agency, by a contractor of an executive agency, or by another entity on behalf of an executive agency. The term information security has the meaning given that term in section of title The term national security system has the meaning given that term in section of title Except as provided under paragraph 2 , and based on the standards and guidelines developed by the National Institute of Standards and Technology under paragraphs 2 and 3 of section 20 a of the National Institute of Standards and Technology Act 15 U.

Standards and guidelines for national security systems shall be developed, prescribed, enforced, and overseen as otherwise authorized by law and as directed by the President. The Secretary of Commerce may require executive agencies to comply with the standards prescribed under subsection b 1 to the extent determined necessary by the Secretary of Commerce to improve the efficiency of operation or security of Federal information systems. The Secretary of Commerce shall require executive agencies to comply with the standards described in subparagraph B.

The standards described in this subparagraph are information security standards that—. The President may disapprove or modify the standards and guidelines prescribed under subsection b 1 if the President determines such action to be in the public interest. The authority of the President to disapprove or modify the standards and guidelines may be delegated to the Director of the Office of Management and Budget. Notice of a disapproval or modification under this subsection shall be published promptly in the Federal Register.

Upon receiving notice of a disapproval or modification, the Secretary of Commerce shall immediately rescind or modify the standards or guidelines as directed by the President or the Director of the Office of Management and Budget. To ensure fiscal and policy consistency, the Secretary of Commerce shall exercise the authority under this section subject to direction by the President and in coordination with the Director of the Office of Management and Budget.

The head of an executive agency may employ standards for the cost-effective information security for Federal information systems of that agency that are more stringent than the standards prescribed by the Secretary of Commerce under subsection b 1 if the more stringent standards—. The decision by the Secretary of Commerce regarding the promulgation of any standard under this section shall occur not later than 6 months after the submission of the proposed standard to the Secretary of Commerce by the National Institute of Standards and Technology, as provided under section 20 of the National Institute of Standards and Technology Act 15 U.

Related news

Section 8 of title 44, United States Code, is amended by inserting hosting, after collection, ;. Policies and compliance guidance issued by the Director of the Office of Management and Budget before the date of enactment of this Act under section a 1 of title 44 as in effect on the day before the date of enactment of this Act shall continue in effect, according to their terms, until modified, terminated, superseded, or repealed under section b 1 of title 44, as added by this Act. Standards and guidelines issued by the Secretary of Commerce or by the Director of the Office of Management and Budget before the date of enactment of this Act under section b 1 of title 40 as in effect on the day before the date of enactment of this Act shall continue in effect, according to their terms, until modified, terminated, superseded, or repealed under section b 1 , as added by this Act.

In this subtitle:. The term agency information infrastructure means the Federal information infrastructure of a particular Federal agency. The term Center means the National Center for Cybersecurity and Communications established under section The term covered critical infrastructure means a system or asset designated by the Secretary as covered critical infrastructure in accordance with the procedure established under section of the Cybersecurity Act of The term damage has the meaning given that term in section e of title 18, United States Code.

The term Federal cybersecurity center has the meaning given that term in section of the Cybersecurity Act of The term Federal entity has the meaning given that term in section of the Cybersecurity Act of The term incident has the meaning given that term in section of title 44, United States Code.

The term information security has the meaning given that term in section of title 44, United States Code. The term intelligence community has the meaning given that term in section 3 4 of the National Security Act of 50 U. National security and emergency preparedness communications infrastructure. The term national security and emergency preparedness communications infrastructure means the systems supported or covered by the Office of Emergency Communications and the National Communications System on the date of enactment of the Cybersecurity Act of or otherwise described in Executive Order , or any successor thereto, relating to national security and emergency preparedness communications functions.

The term national security system has the meaning given that term in section of title 44, United States Code. The term non-Federal entity has the meaning given that term in section of the Cybersecurity Act of The Center shall be headed by a Director, who shall be appointed by the President, by and with the advice and consent of the Senate, and who shall report directly to the Secretary. The Director of the Center shall—. To avoid unnecessary duplication or waste, in carrying out the authorities and responsibilities of the Center under this subtitle, to the maximum extent practicable, the Director of the Center shall make use of existing mechanisms for collaboration and information sharing, including mechanisms relating to the identification and communication of cybersecurity threats, vulnerabilities, and associated consequences, established by other components of the Department or other Federal agencies and the information sharing mechanisms established under title VII of the Cybersecurity Act of There shall be a Deputy Director appointed by the Secretary, who shall—.

The Director of National Intelligence, with the concurrence of the Secretary, shall identify an employee of an element of the intelligence community to serve as a Deputy Director of the Center. The employee shall be detailed to the Center on a reimbursable basis for such period as is agreed to by the Director of the Center and the Director of National Intelligence, and, while serving as Deputy Director, shall report directly to the Director of the Center.

The Director of the Center shall develop and implement a national cybersecurity exercise program with the participation of State and local governments, international partners of the United States, and the private sector. The head of any Federal agency not described in paragraph 1 , with the concurrence of the Director of the Center, may assign personnel to the Center to act as liaisons.

The Director of the Center shall designate not less than 1 employee of the Center to serve as a liaison with the private sector.

The Director of the Center, in consultation with the Secretary, shall designate a full-time privacy officer. Not later than days after the date of enactment of the Cybersecurity Act of , the Director of the Office of Management and Budget shall submit to the appropriate committees of Congress and the Comptroller General of the United States a report on the resources and staff necessary to carry out fully the responsibilities under this subtitle, including the availability of existing resources and staff.

The Comptroller General of the United States shall evaluate the reasonableness and adequacy of the report submitted by the Director of the Office of Management and Budget under paragraph 1 and submit to the appropriate committees of Congress a report regarding the same. The provision of assistance or information under this section to governmental or private entities that own or operate critical infrastructure shall be at the discretion of the Secretary.

The provision of certain assistance or information to a governmental or private entity pursuant to this section shall not create a right or benefit, substantive or procedural, to similar assistance or information for any other governmental or private entity. Not later than days after the date of enactment of the Cybersecurity Act of , the Director of the Center, in consultation with the private sector, relevant government agencies, and nongovernmental organizations, shall conduct an assessment of existing and proposed information sharing models to identify best practices for sharing information across government and with the private sector, including through cybersecurity exchanges designated pursuant to section of the Cybersecurity Act of The Director of the Center shall periodically review procedures established under subsection b and the program established in accordance with subsection c to ensure that classified and unclassified cybersecurity information, including information relating to threats, vulnerabilities, traffic, trends, incidents, and other anomalous activities affecting the Federal information infrastructure, national information infrastructure, or information systems, are being appropriately shared between and among appropriate Federal and non-Federal entities, including Federal cybersecurity centers, Federal and non-Federal network and security operations centers, cybersecurity exchanges, and non-Federal entities responsible for such information systems.

The Director of the Center, in consultation with the members of the Chief Information Officers Council established under section of title 44, United States Code, shall establish a program for sharing information with and between the Center and other Federal agencies that includes processes and procedures—. The Director of the Center shall ensure—.

The head of a Federal agency shall comply with all processes and procedures established under this subsection regarding notification to the Director of the Center relating to incidents. Unless otherwise directed by the President, any Federal agency with a national security system shall, consistent with the level of the risk, immediately notify the Director of the Center regarding any incident affecting the security of a national security system.

The Director of the Center shall establish a program for sharing cybersecurity threat and vulnerability information in support of activities under section e 1 between the Center, cybersecurity exchanges designated pursuant to section of the Cybersecurity Act of , State and local governments, the private sector, and international partners, which shall include processes and procedures that—.

In carrying out the duties under this subsection, the Director of the Center shall coordinate, as appropriate, with Federal and non-Federal entities engaged in similar information sharing efforts. The Director of the Center, in coordination with the Director of National Intelligence, shall conduct an annual evaluation of the sufficiency of access to classified information by owners and operators of national information infrastructure.

The Director of the Center shall create and promote a mechanism for owners and operators of national information infrastructure to provide feedback about the operations of the Center and recommendations for improvements of the Center, including recommendations to improve the sharing of classified and unclassified information.

Advancing Workforce Health at the Department of Homeland Security: Protecting Those Who Protect Us.

The Director of the Center, in consultation with the Attorney General, the Director of National Intelligence, and the Privacy Officer established under section j , shall develop guidelines to protect the privacy and civil liberties of United States persons and intelligence sources and methods, while carrying out this subsection.

Covered information, as defined in section of the Cybersecurity Act of , submitted to the Center in accordance with this subtitle shall be treated as voluntarily shared critical infrastructure information under section , except that the requirement of section that the information be voluntarily submitted, including the requirement for an express statement, shall not be required for submissions of covered information.

Limitation on use of voluntarily submitted information for regulatory enforcement actions. A Federal entity may not use information submitted under this subtitle as evidence in a regulatory enforcement action against the individual or entity that lawfully submitted the information. Unless otherwise directed by the President—. The National Center for Cybersecurity and Communications is authorized to use the authorities under subsections c 1 and d 1 B of section of title 10, United States Code, instead of the authorities under subsections a 1 and b 2 of section of title 41, United States Code, subject to all other requirements of sections and of title 41, United States Code.