Warning: session_start(): open(/var/lib/php/session/sess_u170unhacckjntucfjkk5ar7s3, O_RDWR) failed: Permission denied (13) in /var/www/html/realclearpolitics.com/httpdocs/congressional_bill_tracker/app/application/mvc.php on line 3 Warning: file_get_contents(http://congress.api.sunlightfoundation.com/bills?apikey=f323a285321542e3925601990ef5c589&congress=114&bill_type=hr&number=6066&fields=versions,latest_version): failed to open stream: HTTP request failed! HTTP/1.1 504 Gateway Time-out in /var/www/html/realclearpolitics.com/httpdocs/congressional_bill_tracker/app/application/model.php on line 738 RCP Congressional Bill Tracker - H.R. 6066

CONGRESSIONAL BILL TRACKER

Track Members of Congress & Get Email Updates on Their Activity

H.R. 6066: Cybersecurity Responsibility and Accountability Act of 2016

Title: Cybersecurity Responsibility and Accountability Act of 2016

Introduced: Sep 19, 2016 (114th Congress)

Sponsor: Rep. Ralph Abraham [R-LA5]

Status: Reported by Committee - Ordered to be Reported by Voice Vote.

Summary: Cybersecurity Responsibility and Accountability Act of 2016 This bill requires the National Institute of Standards and Technology (NIST) to incorporate additional cybersecurity requirements in its computer standards for agency information systems and provide the Office of Management and Budget (OMB) with a process for agencies to implement those standards. NIST must also: (1) support development of information security training and certification for agency heads, (2) address agency-identified information security challenges and knowledge gaps, (3) assess information security statutory requirements, and (4) develop security standards for national security systems. The OMB must require the heads of agencies (currently, agencies generally) to: (1) report on the adequacy of their information security procedures, (2) provide for independent evaluations of information security practices, and (3) notify Congress and affected individuals of data breaches. Intelligence community agencies affected by data breaches must notify NIST. Chief information officers of agencies must collaborate with their agency head to designate chief information security officers (positions with job responsibilities to be developed by the OMB and NIST) to replace their current senior agency information security officers. Agencies must develop mandatory annual information security training and certification to ensure that agency heads understand federal cybersecurity policy regarding: (1) agency systems, (2) cyber-attacks and data breaches, and (3) not using private email servers or messaging systems for official communications. Agency heads must certify that their agencies meet information security standards and provide reasons for not meeting any standards. Agency heads must also develop annual plans to implement information security recommendations of the Government Accountability Office (GAO) and inspectors general. If an agency head fails to implement such a recommendation, the reasons for the failure must be provided to the OMB for approval. For each OMB-defined "major cybersecurity incident" (e.g., an incident involving classified information) that an agency experiences, the agency head must transmit an inspector general-performed independent evaluation to the OMB, the Department of Homeland Security, NIST, Congress, and the GAO. If the evaluation determines that the incident occurred because the agency head failed to comply sufficiently with NIST certification standards or recommendations of the GAO or agency inspectors general, then the OMB must hold the agency head accountable through an enforcement action, which may include actions under the budgetary or appropriations process, a recommendation for the President to remove or demote the agency head, or actions to ensure that the agency head does not receive cash or pay awards or bonuses for one year.

Votes

Warning: Unknown: open(/var/lib/php/session/sess_u170unhacckjntucfjkk5ar7s3, O_RDWR) failed: Permission denied (13) in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0