6 U.S. Code § 149 - Cybersecurity plans

§ 149. Cybersecurity plans
(a) Definitions

In this section—
(1) the term “agency information system” means an information system used or operated by an agency or by another entity on behalf of an agency;
(2) the terms “cybersecurity risk” and “information system” have the meanings given those terms in section 148 of this title;
(3) the term “intelligence community” has the meaning given the term in section 3003(4) of title 50; and
(4) the term “national security system” has the meaning given the term in section 11103 of title 40.

(b) Intrusion assessment plan
(1) Requirement

The Secretary, in coordination with the Director of the Office of Management and Budget, shall—
(A) develop and implement an intrusion assessment plan to proactively detect, identify, and remove intruders in agency information systems on a routine basis; and
(B) update such plan as necessary.

(2) Exception

The intrusion assessment plan required under paragraph (1) shall not apply to the Department of Defense, a national security system, or an element of the intelligence community.

(c) Cyber incident response plan

The Under Secretary appointed under section 113(a)(1)(H) of this title shall, in coordination with appropriate Federal departments and agencies, State and local governments, sector coordinating councils, information sharing and analysis organizations (as defined in section 131(5) of this title), owners and operators of critical infrastructure, and other appropriate entities and individuals, develop, regularly update, maintain, and exercise adaptable cyber incident response plans to address cybersecurity risks (as defined in section 148 of this title) to critical infrastructure.

(d) National Response Framework

The Secretary, in coordination with the heads of other appropriate Federal departments and agencies, and in accordance with the National Cybersecurity Incident Response Plan required under subsection (c), shall regularly update, maintain, and exercise the Cyber Incident Annex to the National Response Framework of the Department.

(Pub. L. 107–296, title II, § 228, as added and amended Pub. L. 114–113, div. N, title II, §§ 205, 223(a)(2), (4), (5), Dec. 18, 2015, 129 Stat. 2961, 2963, 2964.)
Codification

Former section 149 of this title, which was transferred and redesignated as subsec. (c) of this section by Pub. L. 114–113, div. N, title II, § 223(a)(2), Dec. 18, 2015, 129 Stat. 2963, was based on Pub. L. 107–296, title II, § 227, as added by Pub. L. 113–282, § 7(a), Dec. 18, 2014, 128 Stat. 3070.

Prior Provisions

A prior section 228 of Pub. L. 107–296 was renumbered section 229 and is classified to section 150 of this title.

Amendments

2015—Subsec. (c). Pub. L. 114–113, § 223(a)(5), made technical amendment to reference in original act which appears in text as reference to section 148 of this title.

Pub. L. 114–113, § 223(a)(2), transferred former section 149 of this title to subsec. (c) of this section. See Codification note above.

Subsec. (d). Pub. L. 114–113, § 205, added subsec. (d).

Rule of Construction

Pub. L. 113–282, § 7(c), Dec. 18, 2014, 128 Stat. 3072, provided that:

“Nothing in the amendment made by subsection (a) [enacting subsec. (c) of this section and section 150 of this title] or in subsection (b)(1) [formerly classified as a note under section 3543 of Title 44, Public Printing and Documents, see now section 2(d)(1) of Pub. L. 113–283, set out as a note under section 3553 of Title 44] shall be construed to alter any authority of a Federal agency or department.”

 
