S. ll IN THE SENATE OF THE UNITED STATES A BILL
|
|
|
- Bryce Lynch
- 10 years ago
- Views:
Transcription
1 TH CONGRESS ST SESSION S. ll To codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information systems. IN THE SENATE OF THE UNITED STATES llllllllll Mr. CARPER introduced the following bill; which was read twice and referred to the Committee on llllllllll A BILL To codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information systems. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION. SHORT TITLE. This Act may be cited as the Cyber Threat Sharing Act of.
2 0 SEC.. CYBER THREAT INDICATOR SHARING. (a) IN GENERAL. Subtitle C of title II of the Homeland Security Act of 0 ( U.S.C. et seq.) is amended by adding at the end the following: SEC.. CYBER THREAT INDICATOR SHARING. (a) DEFINITIONS. In this section, the following definitions shall apply: () CENTER. The term Center means the national cybersecurity and communications integration center established under the second section designated as section. () CYBER THREAT. The term cyber threat (A) means any action that may result in (i) unauthorized access in order to damage or impair the integrity, confidentiality, or availability of an information system; or (ii) unauthorized exfiltration, deletion, or manipulation of information that is stored on, processed by, or transiting an information system; and (B) does not include exceeding authorized access of an information system, if such access
3 0 solely involves a violation of consumer terms of service or consumer licensing agreements. () CYBER THREAT INDICATOR. The term cyber threat indicator means information (A) that is necessary to indicate, describe, or identify (i) malicious reconnaissance, including communications that reasonably appear to be transmitted for the purpose of gathering technical information related to a cyber threat; (ii) a method of defeating a technical control or an operational control; (iii) a technical vulnerability; (iv) a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information system inadvertently to enable the defeat of a technical control or an operational control; (v) malicious cyber command and control; or (vi) any combination of clauses (i) through (v); and
4 0 (B) from which reasonable efforts have been made to remove information that may be used to identify specific persons reasonably believed to be unrelated to the cyber threat. () FEDERAL ENTITY. The term Federal entity means (A) an agency or department of the United States; or (B) any component, officer, employee, or agent of such an agency or department, acting in his or her official capacity. () GOVERNMENTAL ENTITY. The term governmental entity means (A) any Federal entity; (B) any agency or department of a State, local, tribal, or territorial government; or (C) any component, officer, employee, or agent of such an agency or department, acting in his or her official capacity. () INFORMATION SHARING AND ANALYSIS OR- GANIZATION. The term Information Sharing and Analysis Organization has the meaning given that term in section. () INFORMATION SYSTEM. The term information system means a discrete set of hardware
5 0 and software information resources that collects, processes, maintains, uses, shares, disseminates, or disposes of information and communications. () MALICIOUS CYBER COMMAND AND CON- TROL. The term malicious cyber command and control means a method for remote identification of, access to, or use of, an information system or information that is stored on, processed by, or transiting an information system that is known or reasonably suspected of being associated with a known or suspected cyber threat. () MALICIOUS RECONNAISSANCE. The term malicious reconnaissance means a method for probing or monitoring an information system for the purpose of discerning technical vulnerabilities of the information system, if such method is known or reasonably suspected of being associated with a known or suspected cyber threat. (0) NON-FEDERAL ENTITY. The term non- Federal entity means a private entity or a governmental entity other than a Federal entity. () OPERATIONAL CONTROL. The term operational control means a security control for an information system that is primarily implemented and executed by people.
6 0 () PRIVATE ENTITY. The term private entity (A) has the meaning given the term person in section of title, United States Code; and (B) does not include a governmental entity or a foreign government, or any component thereof. () SECTOR-SPECIFIC AGENCY. The term sector-specific agency has the meaning given that term in section (e) of the National Institute of Standards and Technology Act ( U.S.C. (e)). () TECHNICAL CONTROL. The term technical control means a hardware or software restriction on, or audit of, access or use of an information system or information that is stored on, processed by, or transiting an information system that is intended to ensure the confidentiality, integrity, or availability of that information system or the information processed or stored by that information system. () TECHNICAL VULNERABILITY. The term technical vulnerability means any attribute of hardware, firmware, or software that could enable or facilitate the defeat of a technical control.
7 0 (b) VOLUNTARY DISCLOSURE AND RECEIPT OF CYBER THREAT INDICATORS. () IN GENERAL. Notwithstanding any other provision of law, a private entity may (A) disclose a lawfully obtained cyber threat indicator to (i) a private Information Sharing and Analysis Organization; and (ii) the Center; and (B) receive a cyber threat indicator disclosed under this section by a Federal or non- Federal entity. () VOLUNTARY SHARING WITH LAW EN- FORCEMENT. Any entity may disclose a lawfully obtained cyber threat indicator to a Federal entity for investigative purposes consistent with the lawful authorities of the Federal entity. () USE AND PROTECTION OF INFORMA- TION. A private entity that discloses or receives a cyber threat indicator under paragraph () (A) may only use, retain, or further disclose the cyber threat indicator for the purpose of (i) protecting an information system or information that is stored on, processed
8 0 by, or transiting an information system from cyber threats; (ii) identifying or mitigating such cyber threats; or (iii) reporting a crime; (B) shall take reasonable efforts (i) to minimize information that may be used to identify specific persons and is reasonably believed to be unrelated to a cyber threat; and (ii) to safeguard information that may be used to identify specific persons from unintended disclosure and unauthorized access or acquisition; and (C) shall comply with reasonable restrictions that a private entity places on the subsequent disclosure or retention of a cyber threat indicator that the private entity discloses to other private entities. () BEST PRACTICES FOR PRIVATE INFORMA- TION SHARING AND ANALYSIS ORGANIZATIONS. The Secretary, in consultation with the Secretary of Commerce, the Attorney General, the Director of the Office of Management and Budget, and the heads of
9 sector-specific agencies and other appropriate Fed- eral agencies, shall (A) through an open and competitive process, select a private entity to identify a common set of best practices for the creation and operation of private Information Sharing and Analysis Organizations; or (B) if necessary, develop through an open and consultative process the common set of best 0 practices described in subparagraph (A). (c) FEDERAL CYBER THREAT INDICATOR SHAR- ING. () CIVILIAN PORTAL. The Secretary shall designate the Center to receive and disclose cyber threat indicators to Federal and non-federal entities in as close to real time as practicable, consistent with, and in accordance with the purposes of, this section. () SHARING WITH NON-FEDERAL ENTI- TIES. (A) IN GENERAL. To protect information systems or information that is stored on, processed by, or transiting an information system from cyber threats, the Secretary shall coordinate Federal efforts to ensure that useful
10 0 0 classified and unclassified cyber threat indicators are shared in a timely manner with non- Federal entities. (B) REPORT. (i) IN GENERAL. Not later than year after the date of enactment of this section, and every year thereafter for years, the Secretary, in consultation with the Attorney General, the Director of the Office of Management and Budget, the Director of National Intelligence, the Secretary of Defense, and the heads of sectorspecific agencies and other appropriate Federal agencies, shall submit to Congress a report including (I) a review of all Federal efforts to share classified and unclassified cyber threat indicators to protect information systems from cyber threats, including summaries of the nature of those efforts and the quantities of information shared; (II) challenges to the appropriate sharing of cyber threat indicators; and
11 0 (III) recommendations to enhance the appropriate sharing of cyber threat indicators. (ii) FORM OF REPORT. Each report submitted under clause (i) shall be in unclassified form, but may include a classified annex. () SHARING AMONG FEDERAL ENTITIES. (A) IN GENERAL. The Secretary, in consultation with the heads of appropriate agencies, shall coordinate and establish procedures for the sharing of cyber threat indicators among Federal agencies, with appropriate consideration of privacy and civil liberties and agency equities. (B) SHARING BY THE CENTER. The Secretary, in consultation with the Attorney General, the Director of the Office of Management and Budget, the Director of National Intelligence, the Secretary of Defense, and the heads of sector-specific agencies and other appropriate Federal agencies, shall ensure that cyber threat indicators received and disclosed by the Center under paragraph () are shared
12 0 with other Federal entities in as close to real time as practicable. () REAL TIME SHARING. (A) IN GENERAL. The Secretary, in coordination with the Director of the National Institute for Standards and Technology, and consistent with the Cybersecurity Enhancement Act of (Public Law ; Stat. ), shall develop a program that supports and rapidly advances the development, adoption, and implementation of automated mechanisms for the real time sharing of cyber threat indicators. (B) BEST PRACTICES. To the maximum extent feasible, the Secretary shall ensure that the program developed under subparagraph (A) relies on open source software development best practices. (d) LIMITATION OF LIABILITY. () LIABILITY FOR DISCLOSURE OF CYBER THREAT INDICATORS. (A) IN GENERAL. A civil or criminal action may not be filed or maintained in a Federal or State court against an entity for the voluntary disclosure or receipt under this section
13 0 of a lawfully obtained cyber threat indicator, that the entity was not otherwise required to disclose, to or from (i) the Center; or (ii) a private Information Sharing and Analysis Organization, if the organization maintains a publicly-available self-certification that the organization has adopted the best practices identified or developed under subsection (b)(). (B) EFFECTIVE DATE. Subparagraph (A) shall take effect on the date on which the policies and procedures are developed under subsection (e)(). () PROTECTION FROM PUBLIC DISCLO- SURE. (A) IN GENERAL. A cyber threat indicator that is submitted by a non-federal entity to the Center shall be exempt from disclosure under (i) section (b)() of title, United States Code; (ii) section a(d) of title, United States Code; and
14 0 (iii) any State law otherwise requiring disclosure. (B) APPLICATION OF SECTION. (i) IN GENERAL. Except as provided under clause (ii), a cyber threat indicator that is submitted by a non-federal entity to the Center shall be treated in the same manner as voluntarily submitted critical infrastructure information is treated under section. (ii) EXCEPTION. For purposes of clause (i), the requirements under subsection (a)() (regarding an express statement) and subsection (e)()(a) (regarding acknowledgment of receipt) of section shall not apply. () LIMITATION OF REGULATORY ENFORCE- MENT ACTIONS. (A) IN GENERAL. A Federal entity may not use a cyber threat indicator received under this section as evidence in a regulatory enforcement action against an entity that disclosed the cyber threat indicator to the Federal Government under subsection (c).
15 0 (B) EXCEPTION. Nothing in subparagraph (A) shall be construed to prevent a Federal entity from using a cyber threat indicator received through lawful means other than under this section as evidence in a regulatory enforcement action, even if the Federal entity also receives the cyber threat indicator under this section. () RULE OF CONSTRUCTION. Nothing in this section shall be construed to prohibit or otherwise limit an Information Sharing and Analysis Organization, information sharing and analysis center, or other non-federal entity from self-certifying under paragraph ()(A)(ii) that the entity has adopted the best practices identified or developed under subsection (b)(). (e) PRIVACY PROTECTIONS. () POLICIES AND PROCEDURES. (A) IN GENERAL. The Secretary, in consultation with the Attorney General, the Chief Privacy Officer of the Department, the Chief Privacy and Civil Liberties Officer of the Department of Justice, the Secretary of Commerce, the Director of National Intelligence, the Secretary of Defense, the Director of the Office
16 0 of Management and Budget, the heads of sector-specific agencies and other appropriate agencies, and the Privacy and Civil Liberties Oversight Board, shall develop and periodically review policies and procedures governing the receipt, retention, use, and disclosure of a cyber threat indicator obtained by a Federal entity under this section. (B) REQUIREMENTS. The policies and procedures developed under subparagraph (A) shall (i) reasonably limit the acquisition, interception, retention, use, and disclosure of a cyber threat indicator that is reasonably likely to identify specific persons, including by establishing a process (I) for the timely destruction of information that is known not to be directly related to a purpose or use authorized under the section; and (II) to anonymize and safeguard information received and disclosed that may be used to identify specific persons unrelated to a cyber threat;
17 0 (ii) except as provided under clause (iii), limit the reception, use, and retention of a cyber threat indicator by a Federal entity only to protect information systems from cyber threats; (iii) for cyber threat indicators received by the Center under subsection (c)(), establish publicly available guidelines that authorize law enforcement use of a cyber threat indicator received by a Federal entity under subsection (c) only to investigate, prosecute, disrupt, or otherwise respond to (I) a computer crime; (II) a threat of death or serious bodily harm; (III) a serious threat to a minor, including sexual exploitation and threats to physical safety; or (IV) an attempt or conspiracy to commit an offense described in subclause (I), (II), or (III); (iv) preserve the confidentiality of disclosed proprietary information to the greatest extent practicable, and require re-
18 0 cipients of such information to be informed that the cyber threat indicator disclosed may only be used for the purposes authorized under this section; and (v) provide for appropriate penalties for any officer, employee, or agent of an agency or department of the United States who violates the provisions of this section with respect to the receipt, retention, or disclosure of a cyber threat indicator. () OVERSIGHT BY FEDERAL ENTITIES. The head of each Federal entity that receives or discloses a cyber threat indicator under this section shall establish a program to monitor and oversee compliance with the policies and procedures developed under paragraph ()(A). () PUBLICATION. The policies and procedures developed under paragraph ()(A) shall (A) be provided to the appropriate congressional committees; and (B) to the maximum extent practicable, shall be posted on the Internet website of each Federal entity that receives or discloses a cyber threat indicator under this section. () REPORTS.
19 0 (A) ANNUAL REPORT ON PRIVACY AND CIVIL LIBERTIES. The Chief Privacy Officer of the Department and the Chief Privacy and Civil Liberties Officer of the Department of Justice, in consultation with the privacy and civil liberties officers of other appropriate Federal agencies, shall submit to Congress an annual report assessing the privacy and civil liberties impact of the governmental activities conducted under this section. (B) ADDITIONAL REPORT. (i) IN GENERAL. Not later than years after the date of enactment of this section, and every year thereafter for years, the Secretary, the Director of National Intelligence, the Attorney General, and the Secretary of Defense shall jointly submit to Congress a report that (I) describes the extent to which the authorities provided under this section have enabled the Federal Government and the private sector to mitigate cyber threats; (II) discloses any significant acts of noncompliance by a non-fed-
20 0 eral entity with this section, with special emphasis on privacy and civil liberties, and any measures taken by the Federal Government to uncover such noncompliance; (III) describes in general terms the nature and quantity of information disclosed and received by governmental entities and private entities under this section; (IV) describes the uses by Federal agencies of information received under this section, including the general quantity of information being used for each purpose; and (V) identifies the emergence of new threats or technologies that challenge the adequacy of this section, including the definitions, authorities, and requirements of this section, for keeping pace with the threat. (ii) FORM OF REPORT. Each report submitted under clause (i) shall be submitted in unclassified form, but may include a classified annex.
21 0 (f) CONSTRUCTION AND FEDERAL PREEMPTION. () CONSTRUCTION. Nothing in this section may be construed (A) except as provided in subsection (d)(), to limit any law or regulation that requires the disclosure, receipt, or retention of information; (B) to limit the authority of an entity to share information concerning potential criminal activity or investigations with law enforcement entities; (C) to limit or prohibit otherwise lawful disclosures of information by a private entity to any governmental or private entity not conducted under this section; (D) to allow the otherwise unauthorized disclosure by a private entity of information or material that has been determined by the Federal Government pursuant to an Executive order, statute, or regulation to require protection against unauthorized disclosure for reasons of national defense or foreign relations of the United States, including
22 0 (i) any restricted data, as defined in section (y) of the Atomic Energy Act of ( U.S.C. (y)); (ii) information related to intelligence sources and methods; and (iii) information that is specifically subject to a court order or a certification, directive, or other authority precluding such disclosure; (E) to authorize or limit liability for actions that would (i) violate the Report and Order of the Federal Communications Commission with regard to Preserving the Open Internet; Broadband Industry Practices (GN Docket No. 0, WC Docket No. 0 ) (adopted December, 0) or any successor Report or Order thereto; or (ii) modify or alter the obligations of private entities under Report or Order described in clause (i); or (F) to allow price-fixing, allocating a market between competitors, monopolizing or attempting to monopolize a market, boycotting or exchanges of price or cost information, cus-
23 0 tomer lists, or information regarding future competitive planning. () FEDERAL PREEMPTION. This section supersedes any law or requirement of a State or political subdivision of a State that restricts or otherwise expressly regulates the retention, use, or disclosure of a cyber threat indicator by a private entity. () PRESERVATION OF OTHER STATE LAW. Except as expressly provided, nothing in this section shall be construed to preempt the applicability of any other State law or requirement. () NO CREATION OF A RIGHT TO INFORMA- TION. The provision of information to a non-federal entity under this section does not create a right or benefit to similar information by any other non- Federal entity. () NO WAIVER OF PRIVILEGE. No otherwise privileged communication obtained in accordance with, or in violation of, the provisions of this section shall lose its privileged character. () PROHIBITION ON REQUIREMENT TO PRO- VIDE INFORMATION TO THE FEDERAL GOVERN- MENT. Nothing in this section shall be construed to authorize a Federal entity
24 (A) to require a non-federal entity to share information with the Federal Govern- ment; (B) to condition the disclosure of a cyber threat indicator under to this section to a non- Federal entity on the provision of cyber threat information to the Federal Government; or (C) to condition the award of any Federal grant, contract or purchase on the provision of 0 a cyber threat indicator to a Federal entity, if the provision of the cyber threat indicator does not reasonably relate to the protection of the in- formation system of the Federal entity or infor- mation, goods, or services covered by the award.. (b) TECHNICAL AND CONFORMING AMENDMENT. The table of contents in section (b) of the Homeland Security Act of 0 ( U.S.C. 0 note) is amended by inserting after the item relating to section the following: Sec.. Cyber threat sharing.. (c) SUNSET. Effective on the date that is years after the date of enactment of this Act () section of the Homeland Security Act of 0, as added by subsection (a), is repealed; and
25 () the table of contents in section (b) of the Homeland Security Act of 0 ( U.S.C. 0 note) is amended by striking the item relating to section. 0 SEC.. SENSE OF CONGRESS. It is the sense of Congress that the statement issued by the Department of Justice and the Federal Trade Commission on April 0, entitled Antitrust Policy Statement On Sharing Of Cybersecurity Information provides protections against antitrust concerns for the legitimate sharing of cyber threat indicators (as defined in section of the Homeland Security Act of 0 (as added by section )).
Legislative Language
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
S. ll. To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.
BAG Discussion Draft S.L.C. TH CONGRESS ST SESSION S. ll To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes. IN THE
H. R. ll IN THE HOUSE OF REPRESENTATIVES A BILL
F:\M\MCCAUL\MCCAUL_0.XML TH CONGRESS ST SESSION... (Original Signature of Member) H. R. ll To amend the Homeland Security Act of 00 to enhance multi-directional sharing of information related to cybersecurity
DIVISION N CYBERSECURITY ACT OF 2015
H. R. 2029 694 DIVISION N CYBERSECURITY ACT OF 2015 SEC. 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE. This division may be cited as the Cybersecurity Act of 2015. (b) TABLE OF CONTENTS. The table
To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.
BAG15121 Discussion Draft S.L.C. 114TH CONGRESS 1ST SESSION S. XXXX To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.
1st Session 114 83 NATIONAL CYBERSECURITY PROTECTION ADVANCEMENT ACT OF 2015
114TH CONGRESS REPORT " HOUSE OF REPRESENTATIVES! 1st Session 114 83 NATIONAL CYBERSECURITY PROTECTION ADVANCEMENT ACT OF 2015 APRIL 17, 2015. Committed to the Committee of the Whole House on the State
NATIONAL CYBERSECURITY PROTECTION ACT OF 2014
PUBLIC LAW 113 282 DEC. 18, 2014 NATIONAL CYBERSECURITY PROTECTION ACT OF 2014 VerDate Mar 15 2010 21:01 Feb 12, 2015 Jkt 049139 PO 00282 Frm 00001 Fmt 6579 Sfmt 6579 E:\PUBLAW\PUBL282.113 PUBL282 128
H. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.
H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
Cybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act
In a flurry of activity, the U.S. House of Representatives last week passed two cybersecurity information sharing bills. Both the House Intelligence Committee and the House Homeland Security Committee
Public Law 113 283 113th Congress An Act
PUBLIC LAW 113 283 DEC. 18, 2014 128 STAT. 3073 Public Law 113 283 113th Congress An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Be it
Legislative Language
Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting
TITLE III INFORMATION SECURITY
H. R. 2458 48 (1) maximize the degree to which unclassified geographic information from various sources can be made electronically compatible and accessible; and (2) promote the development of interoperable
Cybersecurity and Information Sharing: Comparison of H.R. 1560 and H.R. 1731
Cybersecurity and Information Sharing: Comparison of H.R. 1560 and H.R. 1731 Eric A. Fischer Senior Specialist in Science and Technology April 20, 2015 Congressional Research Service 7-5700 www.crs.gov
Preservation of longstanding, roles and missions of civilian and intelligence agencies
Safeguards for privacy and civil liberties Preservation of longstanding, respective roles and missions of civilian and sharing with targeted liability Why it matters The White House has pledged to veto
1851 (d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to (1) require a State to report data under subsection
U:\REPT\OMNI\FinalOmni\CPRT--HPRT-RU00-SAHR-AMNT.xml 0 (d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to () require a State to report data under subsection (a); or () require a non-federal
No. 33 February 19, 2013. The President
Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001
SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.
SECTION-BY-SECTION Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. Section 2. Definitions. Section 2 defines terms including commercial information technology product,
Comparison of Information Sharing, Monitoring and Countermeasures Provisions in the Cybersecurity Bills
April 4, 2012 Comparison of Information Sharing, Monitoring and Countermeasures Provisions in the Cybersecurity Bills The chart below compares on civil liberties grounds four bills that seek to promote
How To Codify A Cybersecurity Operations Center
II 11TH CONGRESS D SESSION S. 19 To codify an existing operations center for cybersecurity. IN THE SENATE OF THE UNITED STATES JUNE, 01 Mr. CARPER (for himself and Mr. COBURN) introduced the following
TITLE I FORMER VICE PRESIDENT PROTECTION ACT
122 STAT. 3560 PUBLIC LAW 110 326 SEPT. 26, 2008 Sept. 26, 2008 [H.R. 5938] Former Vice President Protection Act of 2008. 18 USC 1 note. Public Law 110 326 110th Congress An Act To amend title 18, United
One Hundred Twelfth Congress of the United States of America
S. 3454 One Hundred Twelfth Congress of the United States of America AT THE SECOND SESSION Begun and held at the City of Washington on Tuesday, the third day of January, two thousand and twelve An Act
Public Law 96-226 96th Congress An Act
PUBLIC LAW 96-226 APR. 3, 1980 94 STAT. 311 Public Law 96-226 96th Congress An Act To improve budget management and expenditure control by revising certain provisions relating to the Comptroller General
H. R. ll IN THE HOUSE OF REPRESENTATIVES A BILL
F:\M\BARLET\BARLET_0.XML TH CONGRESS ST SESSION... (Original Signature of Member) H. R. ll To amend the Homeland Security Act of 00 to enhance the partnership between the Department of Homeland Security
S. 607. [Report No. 113 lll] To improve the provisions relating to the privacy of electronic communications. IN THE SENATE OF THE UNITED STATES
![S. 607. [Report No. 113 lll] To improve the provisions relating to the privacy of electronic communications. IN THE SENATE OF THE UNITED STATES](/thumbs/36/17544898.jpg "S. 607. [Report No. 113 lll] To improve the provisions relating to the privacy of electronic communications. IN THE SENATE OF THE UNITED STATES")
II TH CONGRESS ST SESSION S. 0 Calendar No. ll [Report No. lll] To improve the provisions relating to the privacy of electronic communications. IN THE SENATE OF THE UNITED STATES MARCH, Mr. LEAHY (for
TITLE I STANDARDS DEVELOPMENT ORGANIZATION ADVANCEMENT ACT OF 2004
118 STAT. 661 Public Law 108 237 108th Congress An Act To encourage the development and promulgation of voluntary consensus standards by providing relief under the antitrust laws to standards development
Legislative Language. Law Enforcement Provisions Related to Computer Security
Legislative Language Law Enforcement Provisions Related to Computer Security Part 1: Specific Criminalization of Damaging Critical Infrastructure Computers Title 18, United States Code, is amended to add
Internal Revenue Code Amending Bill Introduced
II TH CONGRESS ST SESSION S. To amend the Internal Revenue Code of to permit the Secretary of the Treasury and the Commissioner of the Social Security Administration to disclose certain return information
Subtitle B Increasing Regulatory Enforcement and Remedies
H. R. 4173 466 activities and evaluates the effectiveness of the Ombudsman during the preceding year. The Investor Advocate shall include the reports required under this section in the reports required
How To Clarify The Disclosure Of Information From Prohibited Personnel Practices
PUBLIC LAW 112 199 NOV. 27, 2012 126 STAT. 1465 Public Law 112 199 112th Congress An Act To amend chapter 23 of title 5, United States Code, to clarify the disclosures of information protected from prohibited
Securities Whistleblower Incentives and Protection
Securities Whistleblower Incentives and Protection 15 USC 78u-6 (As added by P.L. 111-203.) 15 USC 78u-6 78u-6. Securities whistleblower incentives and protection (a) Definitions. In this section the following
18 USC 1030. NB: This unofficial compilation of the U.S. Code is current as of Jan. 4, 2012 (see http://www.law.cornell.edu/uscode/uscprint.html).
TITLE 18 - CRIMES AND CRIMINAL PROCEDURE PART I - CRIMES CHAPTER 47 - FRAUD AND FALSE STATEMENTS 1030. Fraud and related activity in connection with computers (a) Whoever (1) having knowingly accessed
BUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is by and between ( Covered Entity )and CONEX Med Pro Systems ( Business Associate ). This Agreement has been attached to,
S. 1193 IN THE SENATE OF THE UNITED STATES
II TH CONGRESS ST SESSION S. To require certain entities that collect and maintain personal information of individuals to secure such information and to provide notice to such individuals in the case of
S. ll IN THE SENATE OF THE UNITED STATES A BILL
HENF Discussion Draft S.L.C. TH CONGRESS ST SESSION S. ll To promote innovation and realize the efficiency gains and economic benefits of on-demand computing by accelerating the acquisition and deployment
SUMMARY: The Office of the Secretary of Defense proposes to. alter a system of records notice DPFPA 02, entitled Pentagon
This document is scheduled to be published in the Federal Register on 02/11/2016 and available online at http://federalregister.gov/a/2016-02788, and on FDsys.gov Billing Code: 5001-06 DEPARTMENT OF DEFENSE
(C) A statement of current policies concerning campus law enforcement, including--
Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act 20 USC 1092 (f) Disclosure of campus security policy and campus crime statistics (1) Each eligible institution participating
TITLE III CROWDFUNDING
H. R. 3606 10 have any person associated with that person subject to such a statutory disqualification. (3) For the purposes of this subsection, the term ancillary services means (A) the provision of due
COMPUTER FRAUD AND ABUSE ACT. US Code as of: 01/05/99 Title 18 Sec. 1030. Fraud and related activity in connection with computers
COMPUTER FRAUD AND ABUSE ACT US Code as of: 01/05/99 Title 18 Sec. 1030. Fraud and related activity in connection with computers (a) Whoever - (1) having knowingly accessed a computer without authorization
Department of Defense DIRECTIVE
Department of Defense DIRECTIVE NUMBER 5400.11 October 29, 2014 DCMO SUBJECT: DoD Privacy Program References: See Enclosure 1 1. PURPOSE. This directive: a. Reissues DoD Directive (DoDD) 5400.11 (Reference
September 28, 2 012 MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President
004216 THE WHITE HOUSE WASHINGTON MEMORANDUM FOR September 28, 2 012 MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President MR. STEPHEN D. MULL Executive
Commodity Futures Trading Commission Commodity Whistleblower Incentives and Protection
Commodity Futures Trading Commission Commodity Whistleblower Incentives and Protection (7 U.S.C. 26) i 26. Commodity whistleblower incentives and protection (a) Definitions. In this section: (1) Covered
Updated Administration Proposal: Law Enforcement Provisions
Updated Administration Proposal: Law Enforcement Provisions [Changes to existing law are in shown in italics, bold, and strikethrough format] SEC. 101. Prosecuting Organized Crime Groups That Utilize Cyber
S. ll. To amend the Internal Revenue Code of 1986 to prevent identity theft related tax refund fraud, and for other purposes.
1TH CONGRESS 2D SESSION S. ll To amend the Internal Revenue Code of to prevent identity theft related tax refund fraud, and for other purposes. IN THE SENATE OF THE UNITED STATES llllllllll Mr. HATCH (for
Privacy Act of 1974; Department of Homeland Security <Component Name> - <SORN. AGENCY: Department of Homeland Security, Privacy Office.
DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2014-] Privacy Act of 1974; Department of Homeland Security -
Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)
Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) MYTH: The cyber threat is being exaggerated. FACT: Cyber attacks are a huge threat to American lives, national security,
S. ll. To provide anti-retaliation protections for antitrust whistleblowers. IN THE SENATE OF THE UNITED STATES
OLL TH CONGRESS ST SESSION S. ll To provide anti-retaliation protections for antitrust whistleblowers. IN THE SENATE OF THE UNITED STATES llllllllll Mr. GRASSLEY (for himself and Mr. LEAHY) introduced
Page 1417 TITLE 12 BANKS AND BANKING 2802
Page 1417 TITLE 12 BANKS AND BANKING 2802 loans to the Corporation for such purpose in the same manner as loans may be made for insurance purposes under such section, subject to the maximum limitation
100 STAT. 3170 PUBLIC LAW 99-563 OCT. 27, 1986 Public Law 99-563.. ;.. 99th Congress ^.^^ 7 v j,., An Act. ^. /?:,/'. '- -t
100 STAT. 3170 PUBLIC LAW 99-563 OCT. 27, 1986 Oct. 27, 1986 [S. 2129] Public Law 99-563.. ;.. 99th Congress ^.^^ 7 v j,., An Act. ^. /?:,/'. '- -t To amend the Product Liability Risk Retention Act of
One Hundred Tenth Congress of the United States of America
H. R. 3403 One Hundred Tenth Congress of the United States of America AT THE SECOND SESSION Begun and held at the City of Washington on Thursday, the third day of January, two thousand and eight An Act
[STAFF WORKING DRAFT]
![[STAFF WORKING DRAFT]](/thumbs/24/2919786.jpg "[STAFF WORKING DRAFT]")
S:\LEGCNSL\LEXA\DOR\OI\PARTIAL\CyberWD..xml [STAFF WORKING DRAFT] JULY, 0 SECTION. TABLE OF CONTENTS. The table of contents of this Act is as follows: Sec.. Table of contents. Sec.. Definitions. TITLE
The Federal Financial Management Improvement Act (C)
Omnibus Consolidated Appropriations Act, 1997. PUBLIC LAW 104 208 SEPT. 30, 1996 110 STAT. 3009 *Public Law 104 208 104th Congress An Act Making omnibus consolidated appropriations for the fiscal year
CHAPTER 149 FORMERLY SENATE SUBSTITUTE NO. 1 FOR SENATE BILL NO. 79
CHAPTER 149 FORMERLY SENATE SUBSTITUTE NO. 1 FOR SENATE BILL NO. 79 AN ACT TO AMEND TITLE 14 OF THE DELAWARE CODE RELATING TO EDUCATIONAL DATA GOVERNANCE. BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE
TITLE I GENERAL PROVISIONS
Public Law 101-576 November 15, 1990 Chief Financial Officers Act of 1990 One Hundred First Congress of the United States of America AT THE SECOND SESSION Begun and held at the City of Washington on Tuesday,
S. ll IN THE SENATE OF THE UNITED STATES A BILL
1TH CONGRESS 1ST SESSION S. ll To amend title, United States Code, to improve the provision of assistance and benefits to veterans who are homeless, at risk of becoming homeless, or occupying temporary
PUBLIC LAW 105 347 NOV. 2, 1998 CONSUMER REPORTING EMPLOYMENT CLARIFICATION ACT OF 1998
CONSUMER REPORTING EMPLOYMENT CLARIFICATION ACT OF 1998 112 STAT. 3208 PUBLIC LAW 105 347 NOV. 2, 1998 Nov. 2, 1998 [S. 2561] Consumer Reporting Employment Clarification Act of 1998. 15 USC 1601 note.
ADMINISTRATION DISCUSSION DRAFT CONSUMER PRIVACY BILL OF RIGHTS ACT
ADMINISTRATION DISCUSSION DRAFT CONSUMER PRIVACY BILL OF RIGHTS ACT Bill To establish baseline protections for individual privacy in the commercial arena and to foster timely, flexible implementations
S. 1063. [Report No. 109 211] To promote and enhance public safety and to encourage the rapid deployment of IP-enabled voice services.
![S. 1063. [Report No. 109 211] To promote and enhance public safety and to encourage the rapid deployment of IP-enabled voice services.](/thumbs/28/12703347.jpg "S. 1063. [Report No. 109 211] To promote and enhance public safety and to encourage the rapid deployment of IP-enabled voice services.")
II TH CONGRESS 1ST SESSION S. Calendar No. [Report No. ] To promote and enhance public safety and to encourage the rapid deployment of IP-enabled voice services. IN THE SENATE OF THE UNITED STATES MAY
THE FAIR CREDIT REPORTING ACT
THE FAIR CREDIT REPORTING ACT As a public service, the staff of the Federal Trade Commission (FTC) has prepared the following complete text of the Fair Credit Reporting Act (FCRA), 15 U.S.C. 1681 et seq.
BUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) by and between (hereinafter known as Covered Entity ) and Office Ally, LLC. (hereinafter known as Business Associate ), and
CYBERCRIME LAWS OF THE UNITED STATES
CYBERCRIME LAWS OF THE UNITED STATES United States Code, Title 18, Chapter 121 STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS 2701. Unlawful access to stored communications
DEPARTMENT OF JUSTICE WHITE PAPER. Sharing Cyberthreat Information Under 18 USC 2702(a)(3)
DEPARTMENT OF JUSTICE WHITE PAPER Sharing Cyberthreat Information Under 18 USC 2702(a)(3) Background Improved information sharing is a critical component of bolstering public and private network owners
One Hundred Thirteenth Congress of the United States of America
S. 1353 One Hundred Thirteenth Congress of the United States of America AT THE SECOND SESSION Begun and held at the City of Washington on Friday, the third day of January, two thousand and fourteen An
PUBLIC LAW 105 272 OCT. 20, 1998 INTELLIGENCE AUTHORIZATION ACT FOR FISCAL YEAR 1999
INTELLIGENCE AUTHORIZATION ACT FOR FISCAL YEAR 1999 112 STAT. 2396 PUBLIC LAW 105 272 OCT. 20, 1998 Oct. 20, 1998 [H.R. 3694] Intelligence Authorization Act for Fiscal Year 1999. Public Law 105 272 105th
CHAPTER 121 STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS
18 U.S.C. United States Code, 2010 Edition Title 18 - CRIMES AND CRIMINAL PROCEDURE PART I - CRIMES CHAPTER 121 - STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS CHAPTER 121
THE FAIR CREDIT REPORTING ACT
THE FAIR CREDIT REPORTING ACT As a public service, the staff of the Federal Trade Commission (FTC) has prepared the following complete text of the Fair Credit Reporting Act (FCRA), 15 U.S.C. 1681 et seq.