40 U.S.C. § 11331 Responsibilities For Federal Information Systems Standards

Library: United States Statutes
Edition: 2023
Currency: Current through P.L. 118-34 (published on www.congress.gov on 12/26/2023), except for [P. L. 118-31]
Year: 2023
Citation: 40 U.S.C. § 11331

(a) STANDARDS AND GUIDELINES.-

(1) AUTHORITY TO PRESCRIBE.-Except as provided under paragraph (2), the Secretary of Commerce shall, on the basis of standards and guidelines developed by the National Institute of Standards and Technology pursuant to paragraphs (2) and (3) of section 20(a) of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3(a)), prescribe standards and guidelines pertaining to Federal information systems.

(2) NATIONAL SECURITY SYSTEMS.-Standards and guidelines for national security systems shall be developed, prescribed, enforced, and overseen as otherwise authorized by law and as directed by the President.

(b) MANDATORY REQUIREMENTS.-

(1) AUTHORITY TO MAKE MANDATORY.-Except as provided under paragraph (2), the Secretary of Commerce shall make standards prescribed under subsection (a)(1) compulsory and binding to the extent determined necessary by the Secretary to improve the efficiency of operation or security of Federal information systems.

(2) REQUIRED MANDATORY STANDARDS.-

(A) IN GENERAL.-Standards prescribed under subsection (a)(1) shall include information security standards that-

(i) provide minimum information security requirements as determined under section 20(b) of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3(b)); and

(ii) are otherwise necessary to improve the security of Federal information and information systems.

(B) REQUIREMENT.-Information security standards described in subparagraph (A) shall be compulsory and binding.

(c) AUTHORITY TO DISAPPROVE OR MODIFY.-The President may disapprove or modify the standards and guidelines referred to in subsection (a)(1) if the President determines such action to be in the public interest. The President's authority to disapprove or modify such standards and guidelines may not be delegated. Notice of such disapproval or modification shall be published promptly in the Federal Register. Upon receiving notice of such disapproval or modification, the Secretary of Commerce shall immediately rescind or modify such standards or guidelines as directed by the President.

(d) EXERCISE OF AUTHORITY.-To ensure fiscal and policy consistency, the Secretary of Commerce shall exercise the authority conferred by this section subject to direction by the President and in coordination with the Director of the Office of Management and Budget.

(e) APPLICATION OF MORE STRINGENT STANDARDS.-The head of an executive agency may employ standards for the cost-effective information security for Federal information systems within or under the supervision of that agency that are more stringent than the standards the Secretary prescribes under this section if the more stringent standards-
