U.S. CODE
Rulings
AD/CVD
Notices
HTSUS
U.S. Code
Regs
More
Ports
About
Updates
Apps
Larger font
Smaller font
CustomsMobile Pro
beta now open!
Apply for a FREE beta account. Spaces are limited so apply today.
SIGNUP FOR BETA
SEARCH
Toggle Dropdown
Search US Code
Search Leg. Notes
Sort by Rank
Titles Ascending
Titles Descending
10 per page
25 Result/page
50 Result/page
U.S Code last checked for updates: Nov 26, 2024
All Titles
Title 6
Chapter 6
Subchapter I
§ 1502. Sharing of information b...
§ 1504. Sharing of cyber threat ...
§ 1502. Sharing of information b...
§ 1504. Sharing of cyber threat ...
U.S. Code
§ 1503.
Authorizations for preventing, detecting, analyzing, and mitigating cybersecurity threats
(a)
Authorization for monitoring
(1)
In general
Notwithstanding any other provision of law, a private entity may, for cybersecurity purposes, monitor—
(A)
an information system of such private entity;
(B)
an information system of another non-Federal entity, upon the authorization and written consent of such other entity;
(C)
an information system of a Federal entity, upon the authorization and written consent of an authorized representative of the Federal entity; and
(D)
information that is stored on, processed by, or transiting an information system monitored by the private entity under this paragraph.
(2)
Construction
Nothing in this subsection shall be construed—
(A)
to authorize the monitoring of an information system, or the use of any information obtained through such monitoring, other than as provided in this subchapter; or
(B)
to limit otherwise lawful activity.
(b)
Authorization for operation of defensive measures
(1)
In general
Notwithstanding any other provision of law, a private entity may, for cybersecurity purposes, operate a defensive measure that is applied to—
(A)
an information system of such private entity in order to protect the rights or property of the private entity;
(B)
an information system of another non-Federal entity upon written consent of such entity for operation of such defensive measure to protect the rights or property of such entity; and
(C)
an information system of a Federal entity upon written consent of an authorized representative of such Federal entity for operation of such defensive measure to protect the rights or property of the Federal Government.
(2)
Construction
Nothing in this subsection shall be construed—
(A)
to authorize the use of a defensive measure other than as provided in this subsection; or
(B)
to limit otherwise lawful activity.
(c)
Authorization for sharing or receiving cyber threat indicators or defensive measures
(1)
In general
(2)
Lawful restriction
(3)
Construction
Nothing in this subsection shall be construed—
(A)
to authorize the sharing or receiving of a cyber threat indicator or defensive measure other than as provided in this subsection; or
(B)
to limit otherwise lawful activity.
(d)
Protection and use of information
(1)
Security of information
(2)
Removal of certain personal information
A non-Federal entity sharing a cyber threat indicator pursuant to this subchapter shall, prior to such sharing—
(A)
review such cyber threat indicator to assess whether such cyber threat indicator contains any information not directly related to a cybersecurity threat that the non-Federal entity knows at the time of sharing to be personal information of a specific individual or information that identifies a specific individual and remove such information; or
(B)
implement and utilize a technical capability configured to remove any information not directly related to a cybersecurity threat that the non-Federal entity knows at the time of sharing to be personal information of a specific individual or information that identifies a specific individual.
(3)
Use of cyber threat indicators and defensive measures by non-Federal entities
(A)
In general
Consistent with this subchapter, a cyber threat indicator or defensive measure shared or received under this section may, for cybersecurity purposes—
(i)
be used by a non-Federal entity to monitor or operate a defensive measure that is applied to—
(I)
an information system of the non-Federal entity; or
(II)
an information system of another non-Federal entity or a Federal entity upon the written consent of that other non-Federal entity or that Federal entity; and
(ii)
be otherwise used, retained, and further shared by a non-Federal entity subject to—
(I)
an otherwise lawful restriction placed by the sharing non-Federal entity or Federal entity on such cyber threat indicator or defensive measure; or
(II)
an otherwise applicable provision of law.
(B)
Construction
(4)
Use of cyber threat indicators by State, tribal, or local government
(A)
Law enforcement use
(B)
Exemption from disclosure
A cyber threat indicator or defensive measure shared by or with a State, tribal, or local government, including a component of a State, tribal, or local government that is a private entity, under this section shall be—
(i)
deemed voluntarily shared information; and
(ii)
exempt from disclosure under any provision of State, tribal, or local freedom of information law, open government law, open meetings law, open records law, sunshine law, or similar law requiring disclosure of information or records.
(C)
State, tribal, and local regulatory authority
(i)
In general
(ii)
Regulatory authority specifically relating to prevention or mitigation of cybersecurity threats
(e)
Antitrust exemption
(1)
In general
(2)
Applicability
Paragraph (1) shall apply only to information that is exchanged or assistance provided in order to assist with—
(A)
facilitating the prevention, investigation, or mitigation of a cybersecurity threat to an information system or information that is stored on, processed by, or transiting an information system; or
(B)
communicating or disclosing a cyber threat indicator to help prevent, investigate, or mitigate the effect of a cybersecurity threat to an information system or information that is stored on, processed by, or transiting an information system.
(f)
No right or benefit
(
Pub. L. 114–113, div. N, title I, § 104
,
Dec. 18, 2015
,
129 Stat. 2940
.)
cite as:
6 USC 1503
.list_box li,p,.cm-search-info,.cm-search-detail,.abt span,.expand-collapse_top
Get the CustomsMobile app!