U.S. CODE
U.S Code last checked for updates: Nov 22, 2024
§ 278g–3c. Guidelines on the disclosure process for security vulnerabilities relating to information systems, including Internet of Things devices
(a) In general
Not later than 180 days after December 4, 2020, the Director of the Institute, in consultation with such cybersecurity researchers and private sector industry experts as the Director considers appropriate, and in consultation with the Secretary, shall develop and publish under section 278g–3 of this title guidelines—
  (1) for the reporting, coordinating, publishing, and receiving of information about—
    (A) a security vulnerability relating to information systems owned or controlled by an agency (including Internet of Things devices owned or controlled by an agency); and
    (B) the resolution of such security vulnerability; and
  (2) for a contractor providing to an agency an information system (including an Internet of Things device) and any subcontractor thereof at any tier providing such information system to such contractor, on—
    (A) receiving information about a potential security vulnerability relating to the information system; and
    (B) disseminating information about the resolution of a security vulnerability relating to the information system.
(b) Elements
The guidelines published under subsection (a) shall—
  (1) to the maximum extent practicable, be aligned with industry best practices and Standards 29147 and 30111 of the International Standards Organization (or any successor standard) or any other appropriate, relevant, and widely-used standard;
  (2) incorporate guidelines on—
    (A) receiving information about a potential security vulnerability relating to an information system owned or controlled by an agency (including an Internet of Things device); and
    (B) disseminating information about the resolution of a security vulnerability relating to an information system owned or controlled by an agency (including an Internet of Things device); and
  (3) be consistent with the policies and procedures produced under section 659(m) of title 6.
(c) Information items
(d) Oversight
(e) Operational and technical assistance
(Pub. L. 116–207, § 5, Dec. 4, 2020, 134 Stat. 1004.)
cite as: 15 USC 278g-3c