Section was formerly classified to section 149 of this title prior to renumbering by Pub. L. 115–278.

Former section 149 of this title, which was transferred and redesignated as subsec. (c) of this section by Pub. L. 114–113, div. N, title II, § 223(a)(2), Dec. 18, 2015, 129 Stat. 2963, was based on Pub. L. 107–296, title II, § 227, as added by Pub. L. 113–282, § 7(a), Dec. 18, 2014, 128 Stat. 3070.

2022—Subsec. (a). Pub. L. 117–263, § 7143(b)(2)(E)(i), substituted “section, the term ‘agency information system’ means an information system used or operated by an agency or by another entity on behalf of an agency.” for “section—” and struck out pars. (1) to (4) which defined agency information system, cybersecurity risk, information system, intelligence community, and national security system.

Subsec. (c). Pub. L. 117–263, § 7143(c)(8), substituted “Director of the Cybersecurity and Infrastructure Security Agency” for “Director of Cybersecurity and Infrastructure Security”.

Pub. L. 117–263, § 7143(b)(2)(E)(ii), substituted “Information Sharing and Analysis Organizations” for “information sharing and analysis organizations (as defined in section 671(5) of this title)” and struck out “(as defined in section 659 of this title)” after “cybersecurity risks”.

Subsec. (e)(1)(B). Pub. L. 117–263, § 7143(b)(2)(E)(iii)(I), which directed striking out “(as such term is defined in section 659 of this title)”, was executed by striking out “(as such term is defined in section 659 of this title)” after “cybersecurity risks” and after “incidents”, to reflect the probable intent of Congress.

Subsec. (e)(3)(C). Pub. L. 117–263, § 7143(b)(2)(E)(iii)(II), struck out “(as such term is defined in section 1501 of this title)” after “information systems”.

2021—Subsec. (c). Pub. L. 117–81, § 1546, substituted “update not less often than biennially” for “regularly update” and inserted “The Director, in consultation with relevant Sector Risk Management Agencies and the National Cyber Director, shall develop mechanisms to engage with stakeholders to educate such stakeholders regarding Federal Government cybersecurity roles and responsibilities for cyber incident response.” at end.

Subsec. (e). Pub. L. 117–81, § 1545, added subsec. (e).

2018—Subsec. (a)(2). Pub. L. 115–278, § 2(g)(9)(A)(iv)(I), substituted “section 659 of this title” for “section 148 of this title”.

Subsec. (c). Pub. L. 115–278, § 2(g)(9)(A)(iv), substituted “Director of Cybersecurity and Infrastructure Security” for “Under Secretary appointed under section 113(a)(1)(H) of this title”, “section 671(5) of this title” for “section 131(5) of this title”, and “section 659 of this title” for “section 148 of this title”.

2015—Subsec. (c). Pub. L. 114–113, § 223(a)(5), made technical amendment to reference in original act which appears in text as reference to section 148 of this title.

Pub. L. 114–113, § 223(a)(2), transferred former section 149 of this title to subsec. (c) of this section. See Codification note above.

Subsec. (d). Pub. L. 114–113, § 205, added subsec. (d).

Nothing in amendment made by Pub. L. 117–263 to be construed to alter the authorities, responsibilities, functions, or activities of any agency (as such term is defined in 44 U.S.C. 3502) or officer or employee of the United States on or before Dec. 23, 2022, see section 7143(f)(1) of Pub. L. 117–263, set out as a note under section 650 of this title.

Pub. L. 113–282, § 7(c), Dec. 18, 2014, 128 Stat. 3072, provided that: “Nothing in the amendment made by subsection (a) [enacting subsec. (c) of this section and section 150 of this title] or in subsection (b)(1) [formerly classified as a note under section 3543 of Title 44, Public Printing and Documents, see now section 2(d)(1) of Pub. L. 113–283, set out as a note under section 3553 of Title 44] shall be construed to alter any authority of a Federal agency or department.”