Bill SponsorBILLSPONSOR
Bill Sponsor
Politicians
Bills
House Bill 8779
116th Congress(2019-2020)
Federal Cybersecurity Oversight Act of 2020
Introduced
Introduced
Introduced in House on Nov 18, 2020
Overview
Text
Introduced in House 
Nov 18, 2020
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Introduced in House(Nov 18, 2020)
Nov 18, 2020
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Jump To
H. R. 8779 (Introduced-in-House)


116th CONGRESS
2d Session
H. R. 8779


To amend the Federal Cybersecurity Enhancement Act of 2015 to require Federal agencies to obtain exemptions from certain cybersecurity requirements in order to avoid compliance with those requirements, and for other purposes.

IN THE HOUSE OF REPRESENTATIVES

November 18, 2020

Ms. Underwood introduced the following bill; which was referred to the Committee on Oversight and Reform

A BILL

To amend the Federal Cybersecurity Enhancement Act of 2015 to require Federal agencies to obtain exemptions from certain cybersecurity requirements in order to avoid compliance with those requirements, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Federal Cybersecurity Oversight Act of 2020”.

SEC. 2. Federal cybersecurity requirements.

(a) Exemption from Federal requirements.—Section 225(b)(2) of the Federal Cybersecurity Enhancement Act of 2015 (6 U.S.C. 1523(b)(2)) is amended to read as follows:

“(2) EXCEPTION.—

“(A) IN GENERAL.—A particular requirement under paragraph (1) shall not apply to an agency information system of an agency if—

“(i) with respect to the agency information system, the head of the agency submits to the Director an application for an exemption from the particular requirement, in which the head of the agency personally certifies to the Director with particularity that—

“(I) operational requirements articulated in the certification and related to the agency information system would make it excessively burdensome to implement the particular requirement;

“(II) the particular requirement is not necessary to secure the agency information system or agency information stored on or transiting the agency information system; and

“(III) the agency has taken all necessary steps to secure the agency information system and agency information stored on or transiting the agency information system;

“(ii) the head of the agency or the designee of the head of the agency has submitted the certification described in clause (i) to the appropriate congressional committees and any other congressional committee with jurisdiction over the agency; and

“(iii) the Director grants the exemption from the particular requirement.

“(B) DURATION OF EXEMPTION.—

“(i) IN GENERAL.—An exemption granted under subparagraph (A) shall expire on the date that is 1 year after the date on which the Director grants the exemption.

“(ii) RENEWAL.—Upon the expiration of an exemption granted to an agency under subparagraph (A), the head of the agency may apply for an additional exemption.”.

(b) Report on exemptions.—Section 3554(c)(1)(A) of title 44, United States Code, is amended—

(1) in clause (iii), by striking “and” at the end;

(2) by redesignating clause (iv) as clause (v); and

(3) by inserting after clause (iii) the following:

“(iv) with respect to any exemptions the agency is granted by the Director of the Office of Management and Budget under section 225(b)(2) of the Federal Cybersecurity Enhancement Act of 2015 (6 U.S.C. 1523(b)(2)) that is effective on the date of submission of the report—

“(I) an identification of the particular requirements from which any agency information system (as defined in section 2210 of the Homeland Security Act of 2002 (6 U.S.C. 660)) is exempted; and

“(II) for each requirement identified under subclause (I)—

“(aa) an identification of the agency information system described in subclause (I) exempted from the requirement; and

“(bb) an estimate of the date on which the agency will be able to comply with the requirement; and”.

(c) Effective date.—This Act and the amendments made by this Act shall take effect on the date that is 1 year after the date of enactment of this Act.