(a)The Director shall oversee agency information security policies and practices, by—
(1)promulgating information security standards under section 11331 of title
(2)overseeing the implementation of policies, principles, standards, and guidelines on information security;
(3)requiring agencies, consistent with the standards promulgated under such section 11331 and the requirements of this subchapter, to identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of—
(A)information collected or maintained by or on behalf of an agency; or
(B)information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency;
(4)coordinating the development of standards and guidelines under section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3) with agencies and offices operating or exercising control of national security systems (including the National Security Agency) to assure, to the maximum extent feasible, that such standards and guidelines are complementary with standards and guidelines developed for national security systems;
(5)overseeing agency compliance with the requirements of this subchapter, including through any authorized action under section 11303(b)(5) of title 40, to enforce accountability for compliance with such requirements;
(6)reviewing at least annually, and approving or disapproving, agency information security programs required under section
(7)coordinating information security policies and procedures with related information resources management policies and procedures; and
(8)reporting to Congress no later than March 1 of each year on agency compliance with the requirements of this subchapter, including—
(A)a summary of the findings of evaluations required by section
(B)significant deficiencies in agency information security practices;
(C)planned remedial action to address such deficiencies; and
(D)a summary of, and the views of the Director on, the report prepared by the National Institute of Standards and Technology under section 20(d)(9) of the National Institute of Standards and Technology Act (15 U.S.C. 278g–3).
(b)Except for the authorities described in paragraphs (4) and (7) of subsection (a), the authorities of the Director under this section shall not apply to national security systems.