Advancing Cybersecurity Diagnostics and Mitigation Act
(Sec. 2) This bill directs the Department of Homeland Security (DHS) to: (1) deploy, operate, and maintain a continuous diagnostics and mitigation program to collect, analyze, and visualize security data and cybersecurity risk; (2) regularly deploy new technologies and modify existing technologies to improve such program; (3) develop a comprehensive strategy to carry out the program; and (4) report to the congressional homeland security committees on cybersecurity risk posture based on data collected through the program.
In carrying out the program, DHS must ensure that cybersecurity risk information, assessments, and analyses are provided in real time and program information is available to the DHS national cybersecurity and communications integration center.
[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[H.R. 6443 Introduced in House (IH)]
115th CONGRESS
2d Session
H. R. 6443
To amend the Homeland Security Act of 2002 to authorize the Secretary
of Homeland Security to establish a continuous diagnostics and
mitigation program at the Department of Homeland Security, and for
other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
July 19, 2018
Mr. Ratcliffe (for himself, Mr. Richmond, Mr. McCaul, Mr. Katko, and
Mr. Fitzpatrick) introduced the following bill; which was referred to
the Committee on Homeland Security
_______________________________________________________________________
A BILL
To amend the Homeland Security Act of 2002 to authorize the Secretary
of Homeland Security to establish a continuous diagnostics and
mitigation program at the Department of Homeland Security, and for
other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Advancing Cybersecurity Diagnostics
and Mitigation Act''.
SEC. 2. ESTABLISHMENT OF CONTINUOUS DIAGNOSTICS AND MITIGATION PROGRAM
IN DEPARTMENT OF HOMELAND SECURITY.
(a) In General.--Section 230 of the Homeland Security Act of 2002
(6 U.S.C. 151) is amended by adding at the end the following new
subsection:
``(g) Continuous Diagnostics and Mitigation.--
``(1) Program.--
``(A) In general.--The Secretary shall deploy,
operate, and maintain a continuous diagnostics and
mitigation program. Under such program, the Secretary
shall--
``(i) develop and provide the capability to
collect, analyze, and visualize information
relating to security data and cybersecurity
risks;
``(ii) make program capabilities available
for use, with or without reimbursement;
``(iii) employ shared services, collective
purchasing, blanket purchase agreements, and
any other economic or procurement models the
Secretary determines appropriate to maximize
the costs savings associated with implementing
an information system;
``(iv) assist entities in setting
information security priorities and managing
cybersecurity risks; and
``(v) develop policies and procedures for
reporting systemic cybersecurity risks and
potential incidents based upon data collected
under such program.
``(B) Regular improvement.--The Secretary shall
regularly deploy new technologies and modify existing
technologies to the continuous diagnostics and
mitigation program required under subparagraph (A), as
appropriate, to improve the program.
``(2) Activities.--In carrying out the continuous
diagnostics and mitigation program under paragraph (1), the
Secretary shall ensure, to the extent practicable, that--
``(A) timely, actionable, and relevant
cybersecurity risk information, assessments, and
analysis are provided in real time;
``(B) share the analysis and products developed
under such program;
``(C) all information, assessments, analyses, and
raw data under such program is made available to the
national cybersecurity and communications integration
center of the Department; and
``(D) provide regular reports on cybersecurity
risks.''.
(b) Continuous Diagnostics and Mitigation Strategy.--
(1) In general.--Not later than 180 days after the date of
the enactment of this Act, the Secretary of Homeland Security
shall develop a comprehensive continuous diagnostics and
mitigation strategy to carry out the continuous diagnostics and
mitigation program required under subsection (g) of section 230
of such Act, as added by subsection (a).
(2) Scope.--The strategy required under paragraph (1) shall
include the following:
(A) A description of the continuous diagnostics and
mitigation program, including efforts by the Secretary
of Homeland Security to assist with the deployment of
program tools, capabilities, and services, from the
inception of the program referred to in paragraph (1)
to the date of the enactment of this Act.
(B) A description of the coordination required to
deploy, install, and maintain the tools, capabilities,
and services that the Secretary of Homeland Security
determines to be necessary to satisfy the requirements
of such program.
(C) A description of any obstacles facing the
deployment, installation, and maintenance of tools,
capabilities, and services under such program.
(D) Recommendations and guidelines to help maintain
and continuously upgrade tools, capabilities, and
services provided under such program.
(E) Recommendations for using the data collected by
such program for creating a common framework for data
analytics, visualization of enterprise-wide risks, and
real-time reporting.
(F) Recommendations for future efforts and
activities related to securing networks, devices, data,
and information technology assets through the use of
such program.
(3) Form.--The strategy required under subparagraph (A)
shall be submitted in an unclassified form, but may contain a
classified annex.
(c) Report.--Not later than 90 days after the development of the
strategy required under subsection (b), the Secretary of Homeland
Security shall submit to the Committee on Homeland Security and
Governmental Affairs of the Senate and the Committee on Homeland
Security of the House of Representatives a report on cybersecurity risk
posture based on the data collected through the continuous diagnostics
and mitigation program under subsection (g) of section 230 of the
Homeland Security Act of 2002, as added by subsection (a).
Introduced in House
Referred to the House Committee on Homeland Security.
Committee Consideration and Mark-up Session Held.
Ordered to be Reported (Amended) by Unanimous Consent.
Reported (Amended) by the Committee on Homeland Security. H. Rept. 115-910.
Placed on the Union Calendar, Calendar No. 706.
Mr. Ratcliffe moved to suspend the rules and pass the bill, as amended.
Considered under suspension of the rules. (consideration: CR S7793-7796)
DEBATE - The House proceeded with forty minutes of debate on H.R. 6443.
Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H7793)
On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H7793)
Motion to reconsider laid on the table Agreed to without objection.
Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs.