6 U.S.C. § 1524 Assessment; Reports

• Library: United States Statutes
• Edition: 2023 Edition
• Currency: Current through P.L. 118-19 (published on www.congress.gov on 10/06/2023)

(a) Definitions

In this section:

(1) Agency information

The term "agency information" has the meaning given the term in section 2213 of the Homeland Security Act of 2002 [ 6 U.S.C. 663 ].

(2) Cyber threat indicator; defensive measure

The terms "cyber threat indicator" and "defensive measure" have the meanings given those terms in section 650 of this title.

(3) Intrusion assessments

The term "intrusion assessments" means actions taken under the intrusion assessment plan to identify and remove intruders in agency information systems.

(4) Intrusion assessment plan

The term "intrusion assessment plan" means the plan required under section 2210(b)(1) of the Homeland Security Act of 2002 [ 6 U.S.C. 660(b)(1) ].

(5) Intrusion detection and prevention capabilities

The term "intrusion detection and prevention capabilities" means the capabilities required under section 2213(b) of the Homeland Security Act of 2002 [ 6 U.S.C. 663(b) ].

(b) Third-party assessment

Not later than 3 years after December 18, 2015, the Comptroller General of the United States shall conduct a study and publish a report on the effectiveness of the approach and strategy of the Federal Government to securing agency information systems, including the intrusion detection and prevention capabilities and the intrusion assessment plan.

(c) Reports to Congress

(1) Intrusion detection and prevention capabilities

(A) Secretary of Homeland Security report

Not later than 6 months after December 18, 2015, and annually thereafter, the Secretary shall submit to the appropriate congressional committees a report on the status of implementation of the intrusion detection and prevention capabilities, including-

(i) a description of privacy controls;

(ii) a description of the technologies and capabilities utilized to detect cybersecurity risks in network traffic, including the extent to which those technologies and capabilities include existing commercial and noncommercial technologies;

(iii) a description of the technologies and capabilities utilized to prevent network traffic associated with cybersecurity risks from transiting or traveling to or from agency information systems, including the extent to which those technologies and capabilities include existing commercial and noncommercial technologies;

(iv) a list of the types of indicators or other identifiers or techniques used to detect cybersecurity risks in network traffic transiting or traveling to or from agency information systems on each iteration of the intrusion detection and prevention capabilities and the number of each such type of indicator, identifier, and technique;