Pub. L. 107–347
, title IV, § 402(b),Dec. 17, 2002, 116 Stat. 2962
, provided that: “Title III [see Short Title of 2002 Amendments note set out under section
of this title] and this title [enacting provisions set out as a note under section
of this title] shall take effect on the date of enactment of this Act [Dec. 17, 2002].”
Pub. L. 113–6
, div. D, title V, § 558,Mar. 26, 2013, 127 Stat. 377
, provided that:
“(a) Of the amounts made available by this Act [div. D of Pub. L. 113—6, see Tables for classification] for National Protection and Programs Directorate, ‘Infrastructure Protection and Information Security’, $202,000,000 for the ‘Federal Network Security’ program, project, and activity shall be used to deploy on Federal systems technology to improve the information security of agency information systems covered by section
, United States Code: Provided, That funds made available under this section shall be used to assist and support Government-wide and agency-specific efforts to provide adequate, risk-based, and cost-effective cybersecurity to address escalating and rapidly evolving threats to information security, including the acquisition and operation of a continuous monitoring and diagnostics program, in collaboration with departments and agencies, that includes equipment, software, and Department of Homeland Security supplied services: Provided further, That not later than April 1, 2013, and quarterly thereafter, the Under Secretary of Homeland Security of the National Protection and Programs Directorate shall submit to the Committees on Appropriations of the Senate and House of Representatives a report on the obligation and expenditure of funds made available under this section: Provided further, That continuous monitoring and diagnostics software procured by the funds made available by this section shall not transmit to the Department of Homeland Security any personally identifiable information or content of network communications of other agencies’ users: Provided further, That such software shall be installed, maintained, and operated in accordance with all applicable privacy laws and agency-specific policies regarding network content.
“(b) Funds made available under this section may not be used to supplant funds provided for any such system within an agency budget.
“(c) Not later than July 1, 2013, the heads of all Federal agencies shall submit to the Committees on Appropriations of the Senate and House of Representatives expenditure plans for necessary cybersecurity improvements to address known vulnerabilities to information systems described in subsection (a).
“(d) Not later than October 1, 2013, and quarterly thereafter, the head of each Federal agency shall submit to the Director of the Office of Management and Budget a report on the execution of the expenditure plan for that agency required by subsection (c): Provided, That the Director of the Office of Management and Budget shall summarize such execution reports and annually submit such summaries to Congress in conjunction with the annual progress report on implementation of the E-Government Act of 2002 (Public Law 107–347), as required by section
, United States Code.
“(e) This section shall not apply to the legislative and judicial branches of the Federal Government and shall apply to all Federal agencies within the executive branch except for the Department of Defense, the Central Intelligence Agency, and the Office of the Director of National Intelligence.”