The Secretary shall establish within the Agency a Cybersecurity Advisory Committee (referred to in this section as the “Advisory Committee”).
Recommendations agreed upon by subcommittees established under subsection (d) for any year shall be approved by the Advisory Committee before the Advisory Committee submits to the Director the annual report under paragraph (4) for that year.
The Advisory Committee shall submit to the Director an annual report providing information on the activities, findings, and recommendations of the Advisory Committee, including its subcommittees, for the preceding year.
Not later than 180 days after the date on which the Director receives an annual report for a year under subparagraph (A), the Director shall publish a public version of the report describing the activities of the Advisory Committee and such related matters as would be informative to the public during that year, consistent with section 552(b) of title 5.
Not less frequently than once per year after January 1, 2021, the Director shall provide to the Committee on Homeland Security and Governmental Affairs and the Committee on Appropriations of the Senate and the Committee on Homeland Security, the Committee on Energy and Commerce, and the Committee on Appropriations of the House of Representatives a briefing on feedback from the Advisory Committee.
The Director shall establish rules for the structure and governance of the Advisory Committee and all subcommittees established under subsection (d).
Not later than 180 days after the date of enactment of the Cybersecurity Advisory Committee Authorization Act of 2020,[1] the Director shall appoint the members of the Advisory Committee.
The membership of the Advisory Committee shall consist of not more than 35 individuals.
The term of each member of the Advisory Committee shall be two years, except that a member may continue to serve until a successor is appointed.
The members of the Advisory Committee may not receive pay or benefits from the United States Government by reason of their service on the Advisory Committee.
The Director shall require the Advisory Committee to meet not less frequently than semiannually, and may convene additional meetings as necessary.
Not later than 60 days after the date on which a member is first appointed to the Advisory Committee and before the member is granted access to any classified information, the Director shall determine, for the purposes of the Advisory Committee, if the member should be restricted from reviewing, discussing, or possessing classified information.
Access to classified materials shall be managed in accordance with Executive Order No. 13526 of December 29, 2009 (75 Fed. Reg. 707), or any subsequent corresponding Executive Order.
A member of the Advisory Committee shall protect all classified information in accordance with the applicable requirements for the particular level of classification of such information.
Nothing in this paragraph shall be construed to affect the security clearance of a member of the Advisory Committee or the authority of a Federal agency to provide a member of the Advisory Committee access to classified information.
Each subcommittee shall meet not less frequently than semiannually, and submit to the Advisory Committee for inclusion in the annual report required under subsection (b)(4) information, including activities, findings, and recommendations, regarding subject matter considered by the subcommittee.