Skip to main content

About LII / Get the law / Find a lawyer / Legal Encyclopedia / Help Out

44 USC § 3533 - Authority and functions of the Director

USCPrelim is a preliminary release and may be subject to further revision before it is released again as a final version.

Current through Pub. L. 113-99. (See Public Laws for the current Congress.)

(a) The Director shall oversee agency information security policies and practices, by—

(1) promulgating information security standards under section 11331 of title 40;

(2) overseeing the implementation of policies, principles, standards, and guidelines on information security;

(3) requiring agencies, consistent with the standards promulgated under such section 11331 and the requirements of this subchapter, to identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of—

(A) information collected or maintained by or on behalf of an agency; or

(B) information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency;

(4) coordinating the development of standards and guidelines under section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3) with agencies and offices operating or exercising control of national security systems (including the National Security Agency) to assure, to the maximum extent feasible, that such standards and guidelines are complementary with standards and guidelines developed for national security systems;

(5) overseeing agency compliance with the requirements of this subchapter, including through any authorized action under section 11303 (b)(5) of title 40, to enforce accountability for compliance with such requirements;

(6) reviewing at least annually, and approving or disapproving, agency information security programs required under section 3534 (b);

(7) coordinating information security policies and procedures with related information resources management policies and procedures; and

(8) reporting to Congress no later than March 1 of each year on agency compliance with the requirements of this subchapter, including—

(A) a summary of the findings of evaluations required by section 3535;

(B) significant deficiencies in agency information security practices;

(C) planned remedial action to address such deficiencies; and

(D) a summary of, and the views of the Director on, the report prepared by the National Institute of Standards and Technology under section 20(d)(9) of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3).

(b) Except for the authorities described in paragraphs (4) and (7) of subsection (a), the authorities of the Director under this section shall not apply to national security systems.

(a) The Director shall oversee agency information security policies and practices, by—

(1) promulgating information security standards under section 11331 of title 40;

(2) overseeing the implementation of policies, principles, standards, and guidelines on information security;

(3) requiring agencies, consistent with the standards promulgated under such section 11331 and the requirements of this subchapter, to identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of—

(A) information collected or maintained by or on behalf of an agency; or

(B) information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency;

(4) coordinating the development of standards and guidelines under section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3) with agencies and offices operating or exercising control of national security systems (including the National Security Agency) to assure, to the maximum extent feasible, that such standards and guidelines are complementary with standards and guidelines developed for national security systems;

(5) overseeing agency compliance with the requirements of this subchapter, including through any authorized action under section 11303 (b)(5) of title 40, to enforce accountability for compliance with such requirements;

(6) reviewing at least annually, and approving or disapproving, agency information security programs required under section 3534 (b);

(7) coordinating information security policies and procedures with related information resources management policies and procedures; and

(8) reporting to Congress no later than March 1 of each year on agency compliance with the requirements of this subchapter, including—

(A) a summary of the findings of evaluations required by section 3535;

(B) significant deficiencies in agency information security practices;

(C) planned remedial action to address such deficiencies; and

(D) a summary of, and the views of the Director on, the report prepared by the National Institute of Standards and Technology under section 20(d)(9) of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3).

(b) Except for the authorities described in paragraphs (4) and (7) of subsection (a), the authorities of the Director under this section shall not apply to national security systems.

Source

(Added Pub. L. 107–296, title X, § 1001(b)(1),Nov. 25, 2002, 116 Stat. 2261.)

Applicability of Section

This section not to apply while subchapter III of this chapter is in effect, see section 3549 of this title.

Prior Provisions

A prior section 3533, added Pub. L. 106–398, § 1 [[div. A], title X, § 1061], Oct. 30, 2000, 114 Stat. 1654, 1654A–266, set forth authority and functions of the Director prior to the general amendment of this subchapter by Pub. L. 107–296.

The table below lists the classification updates, since Jan. 3, 2012, for this section. Updates to a broader range of sections may be found at the update page for containing chapter, title, etc.

The most recent Classification Table update that we have noticed was Friday, May 3, 2013

An empty table indicates that we see no relevant changes listed in the classification tables. If you suspect that our system may be missing something, please double-check with the Office of the Law Revision Counsel.

How To Use

Multiple entries for a section are listed most recent first, within the section.

The Session Year indicates which session of Congress was responsible for the changes classified. The Congress number forms the first part of the Public Law number; each Congress has two sessions.

Abbreviations used in the Description of Change column:

An empty field implies a standard amendment.
"new" means a new section or new note, or all new text of an existing section or note.
"nt" means note.
"nt [tbl]" means note [table].
"prec" means preceding.
"fr" means a transfer from another section.
"to" means a transfer to another section.
"omitted" means the section is omitted.
"repealed" means the section is repealed.
"nt ed change" and "ed change" - See the Editorial Classification Change Table [pdf].

The Public Law field is linked to the development of the law in the Thomas system at the Library of Congress.

The Statutes at Large field is linked to the text of the law, in the context of its volume of the Statutes at Large, at the Government Printing Office. Please note that it takes a while for these pages to get posted, so for very recent legislation, you need to look at the "enrolled" version at the Thomas site.

The Statutes at Large references have been rendered in the format used as page numbers in the Public Law web pages to which we link, to facilitate copy-paste into browser "find on this (web) page" tools. We are still working on a more direct link facility.

For serious comparison work, we suggest copying all or a portion of the Public Law text into your favorite text editor, for convenient content traversal and window control.

Sections with change type "new" are a special case, still under development. All are now listed, at the title level only.

You will find that occassionally a specific update you notice in a Public Law listed in a classification table will already have made it into the Code. We assume this is an artifact of the LRC edit process. The LII does not edit the LRC content.

General Reference

Refer to the LRC (Law Revision Council) for explanations about the US Code from the folks who put it all together.

You can look for information about what it is and is not, which titles are positive law, the schedule of Supplements, etc. Under download you can find the source data we use here (GPO locator files), as well as, PDF files that look just like the paper books (these may be rather large).

Refer to the Thomas site for changes that have not yet made it into the classification tables.

44 USC	Description of Change	Session Year	Public Law	Statutes at Large

LII has no control over and does not endorse any external Internet site that contains links to or references LII.