Bill Sponsor
House Bill 6443
115th Congress (2017-2018)
Advancing Cybersecurity Diagnostics and Mitigation Act
Active
Passed House on Sep 4, 2018
H. R. 6443 (Reported-in-House)

Union Calendar No. 706

115th CONGRESS
2d Session
H. R. 6443

[Report No. 115–910]


To amend the Homeland Security Act of 2002 to authorize the Secretary of Homeland Security to establish a continuous diagnostics and mitigation program at the Department of Homeland Security, and for other purposes.


IN THE HOUSE OF REPRESENTATIVES

July 19, 2018

Mr. Ratcliffe (for himself, Mr. Richmond, Mr. McCaul, Mr. Katko, and Mr. Fitzpatrick) introduced the following bill; which was referred to the Committee on Homeland Security

August 28, 2018

Additional sponsor: Mr. Donovan

August 28, 2018

Reported with an amendment, committed to the Committee of the Whole House on the State of the Union, and ordered to be printed

[Strike out all after the enacting clause and insert the part printed in italic]

[For text of introduced bill, see copy of bill as introduced on July 19, 2018]


A BILL

To amend the Homeland Security Act of 2002 to authorize the Secretary of Homeland Security to establish a continuous diagnostics and mitigation program at the Department of Homeland Security, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Advancing Cybersecurity Diagnostics and Mitigation Act”.

SEC. 2. Establishment of continuous diagnostics and mitigation program in Department of Homeland Security.

(a) In general.—Section 230 of the Homeland Security Act of 2002 (6 U.S.C. 151) is amended by adding at the end the following new subsection:

“(g) Continuous Diagnostics and Mitigation.—

“(1) PROGRAM.—

“(A) IN GENERAL.—The Secretary shall deploy, operate, and maintain a continuous diagnostics and mitigation program. Under such program, the Secretary shall—

“(i) develop and provide the capability to collect, analyze, and visualize information relating to security data and cybersecurity risks;

“(ii) make program capabilities available for use, with or without reimbursement;

“(iii) employ shared services, collective purchasing, blanket purchase agreements, and any other economic or procurement models the Secretary determines appropriate to maximize the costs savings associated with implementing an information system;

“(iv) assist entities in setting information security priorities and managing cybersecurity risks; and

“(v) develop policies and procedures for reporting systemic cybersecurity risks and potential incidents based upon data collected under such program.

“(B) REGULAR IMPROVEMENT.—The Secretary shall regularly deploy new technologies and modify existing technologies to the continuous diagnostics and mitigation program required under subparagraph (A), as appropriate, to improve the program.

“(2) ACTIVITIES.—In carrying out the continuous diagnostics and mitigation program under paragraph (1), the Secretary shall ensure, to the extent practicable, that—

“(A) timely, actionable, and relevant cybersecurity risk information, assessments, and analysis are provided in real time;

“(B) share the analysis and products developed under such program;

“(C) all information, assessments, analyses, and raw data under such program is made available to the national cybersecurity and communications integration center of the Department; and

“(D) provide regular reports on cybersecurity risks.”.

(b) Continuous Diagnostics and Mitigation Strategy.—

(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Secretary of Homeland Security shall develop a comprehensive continuous diagnostics and mitigation strategy to carry out the continuous diagnostics and mitigation program required under subsection (g) of section 230 of such Act, as added by subsection (a).

(2) SCOPE.—The strategy required under paragraph (1) shall include the following:

(A) A description of the continuous diagnostics and mitigation program, including efforts by the Secretary of Homeland Security to assist with the deployment of program tools, capabilities, and services, from the inception of the program referred to in paragraph (1) to the date of the enactment of this Act.

(B) A description of the coordination required to deploy, install, and maintain the tools, capabilities, and services that the Secretary of Homeland Security determines to be necessary to satisfy the requirements of such program.

(C) A description of any obstacles facing the deployment, installation, and maintenance of tools, capabilities, and services under such program.

(D) Recommendations and guidelines to help maintain and continuously upgrade tools, capabilities, and services provided under such program.

(E) Recommendations for using the data collected by such program for creating a common framework for data analytics, visualization of enterprise-wide risks, and real-time reporting.

(F) Recommendations for future efforts and activities, including for the rollout of new tools, capabilities and services, proposed timelines for delivery, and whether to continue the use of phased rollout plans, related to securing networks, devices, data, and information technology assets through the use of such program.

(3) FORM.—The strategy required under subparagraph (A) shall be submitted in an unclassified form, but may contain a classified annex.

(c) Report.—Not later than 90 days after the development of the strategy required under subsection (b), the Secretary of Homeland Security shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representative a report on cybersecurity risk posture based on the data collected through the continuous diagnostics and mitigation program under subsection (g) of section 230 of the Homeland Security Act of 2002, as added by subsection (a).

