U.S. CODE
Rulings
AD/CVD
Notices
HTSUS
U.S. Code
Regs
More
Ports
About
Updates
Apps
Larger font
Smaller font
CustomsMobile Pro
beta now open!
Apply for a FREE beta account. Spaces are limited so apply today.
SIGNUP FOR BETA
SEARCH
Toggle Dropdown
Search US Code
Search Leg. Notes
Sort by Rank
Titles Ascending
Titles Descending
10 per page
25 Result/page
50 Result/page
U.S Code last checked for updates: Nov 26, 2024
All Titles
Title 42
Chapter 162
Subchapter I
Part B
§ 18724. Enhanced grid security...
§ 18726. Savings provision...
§ 18724. Enhanced grid security...
§ 18726. Savings provision...
U.S. Code
Notes
§ 18725.
Cybersecurity plan
(a)
In general
The Secretary may require, as the Secretary determines appropriate, a recipient of any award or other funding under this division—
(1)
to submit to the Secretary, prior to the issuance of the award or other funding, a cybersecurity plan that demonstrates the cybersecurity maturity of the recipient in the context of the project for which that award or other funding was provided; and
(2)
establish a plan for maintaining and improving cybersecurity throughout the life of the proposed solution of the project.
(b)
Contents of cybersecurity plan
A cybersecurity plan described in subsection (a) shall, at a minimum, describe how the recipient described in that subsection—
(1)
plans to maintain cybersecurity between networks, systems, devices, applications, or components—
(A)
within the proposed solution of the project; and
(B)
at the necessary external interfaces at the proposed solution boundaries;
(2)
will perform ongoing evaluation of cybersecurity risks to address issues as the issues arise throughout the life of the proposed solution;
(3)
will report known or suspected network or system compromises of the project to the Secretary; and
(4)
will leverage applicable cybersecurity programs of the Department, including cyber vulnerability testing and security engineering evaluations.
(c)
Additional guidance
Each recipient described in subsection (a) should—
(1)
maximize the use of open guidance and standards, including, wherever possible—
(A)
the Cybersecurity Capability Maturity Model of the Department (or a successor model); and
(B)
the Framework for Improving Critical Infrastructure Cybersecurity of the National Institute of Standards and Technology; and
(2)
document—
(A)
any deviation from open standards; and
(B)
the utilization of proprietary standards where the recipient determines that such deviation necessary.
(d)
Coordination
(e)
Protection of information
Information provided to, or collected by, the Federal Government pursuant to this section the disclosure of which the Secretary reasonably foresees could be detrimental to the physical security or cybersecurity of any electric utility or the bulk-power system—
(1)
shall be exempt from disclosure under
section 552(b)(3) of title 5
; and
(2)
shall not be made available by any Federal agency, State, political subdivision of a State, or Tribal authority pursuant to any Federal, State, political subdivision of a State, or Tribal law, respectively, requiring public disclosure of information or records.
(
Pub. L. 117–58, div. D, title I, § 40126
,
Nov. 15, 2021
,
135 Stat. 956
.)
cite as:
42 USC 18725
.list_box li,p,.cm-search-info,.cm-search-detail,.abt span,.expand-collapse_top
Get the CustomsMobile app!