U.S. CODE
Rulings
AD/CVD
Notices
HTSUS
U.S. Code
Regs
More
Ports
About
Updates
Apps
Larger font
Smaller font
CustomsMobile Pro
beta now open!
Apply for a FREE beta account. Spaces are limited so apply today.
SIGNUP FOR BETA
SEARCH
Toggle Dropdown
Search US Code
Search Leg. Notes
Sort by Rank
Titles Ascending
Titles Descending
10 per page
25 Result/page
50 Result/page
U.S Code last checked for updates: Nov 22, 2024
All Titles
Title 15
Chapter 100
§ 7405. Consultation...
§ 7407. Authorization of appropr...
§ 7405. Consultation...
§ 7407. Authorization of appropr...
U.S. Code
Notes
§ 7406.
National Institute of Standards and Technology programs
(a)
, (b) Omitted
(c)
Security automation and checklists for Government systems
(1)
In general
(2)
Priorities for development
The Director of the National Institute of Standards and Technology shall establish priorities for the development of standards, reference materials, and checklists under this subsection on the basis of—
(A)
the security risks associated with the use of the system;
(B)
the number of agencies that use a particular system or security tool;
(C)
the usefulness of the standards, reference materials, or checklists to Federal agencies that are users or potential users of the system;
(D)
the effectiveness of the associated standard, reference material, or checklist in creating or enabling continuous monitoring of information security; or
(E)
such other factors as the Director of the National Institute of Standards and Technology determines to be appropriate.
(3)
Excluded systems
(4)
Dissemination of standards and related materials
(5)
Agency use requirements
The development of standards, reference materials, and checklists under paragraph (1) for an information technology hardware or software system or tool does not—
(A)
require any Federal agency to select the specific settings or options recommended by the standard, reference material, or checklist for the system;
(B)
establish conditions or prerequisites for Federal agency procurement or deployment of any such system;
(C)
imply an endorsement of any such system by the Director of the National Institute of Standards and Technology; or
(D)
preclude any Federal agency from procuring or deploying other information technology hardware or software systems for which no such standard, reference material, or checklist has been developed or identified under paragraph (1).
(d)
Federal agency information security programs
(1)
In general
In developing the agencywide information security program required by
section 3554(b) of title 44
, an agency that deploys a computer hardware or software system for which the Director of the National Institute of Standards and Technology has developed a checklist under subsection (c) of this section—
(A)
shall include in that program an explanation of how the agency has considered such checklist in deploying that system; and
(B)
may treat the explanation as if it were a portion of the agency’s annual performance plan properly classified under criteria established by an Executive Order (within the meaning of
section 1115(d) of title 31
).
(2)
Limitation
(
Pub. L. 107–305, § 8
,
Nov. 27, 2002
,
116 Stat. 2375
;
Pub. L. 113–274, title II, § 203
,
Dec. 18, 2014
,
128 Stat. 2979
;
Pub. L. 113–283, § 2(e)(2)
,
Dec. 18, 2014
,
128 Stat. 3086
.)
cite as:
15 USC 7406
.list_box li,p,.cm-search-info,.cm-search-detail,.abt span,.expand-collapse_top
Get the CustomsMobile app!