118 HR 5786 IH: To establish in the National Nuclear Security Administration a Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group. U.S. House of Representatives 2023-09-28 text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.

I118th CONGRESS1st SessionH. R. 5786IN THE HOUSE OF REPRESENTATIVESSeptember 28, 2023Mr. Carbajal (for himself, Mr. Bacon, and Mr. Gallagher) introduced the following bill; which was referred to the Committee on Armed ServicesA BILLTo establish in the National Nuclear Security Administration a Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group.

1.

Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group

Subtitle A of title XXXII of the National Defense Authorization Act for Fiscal Year 2000 (Public Law 106–65) is amended by adding at the end the following new section:

3222.

Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group

(a)

Establishment

There is in the Administration a working group, to be known as the Cybersecurity Risk Inventory, Assessment, and Mitigation Working Group. (b)

Membership

Members of the working group shall include the Deputy Administrator for Defense Programs, the Associate Administrator for Information Management and Chief Information Officer, and staff from other offices as determined appropriate by the Deputy Administrator and Associate Administrator. (c)

Comprehensive Strategy

The working group shall prepare a comprehensive strategy for inventorying the range of National Nuclear Security Administration systems that are potentially at risk in the operational technology and nuclear weapons information technology environments, assessing the systems at risk, and implementing risk mitigation actions. Such strategy shall incorporate key elements of effective cybersecurity risk management strategies, as identified by the Government Accountability Office, including the specification of— (1)goals, objectives, activities, and performance measures; (2)organizational roles, responsibilities, and coordination; (3)necessary resources needed to implement the strategy over the next ten years; and (4)detailed milestones and schedules for completion of tasks. (d)

Submission to Congress

(1)

Briefing

Not later than 120 days after the date of the enactment of this Act, the members of the working group shall provide to the congressional defense committees a briefing on the plan of the working group plan to develop the strategy required under subsection (c). (2)

Submission of strategy

Not later than April 1, 2025, the working group shall submit the congressional defense committees a copy of the completed strategy. (e)

Termination

The working group shall terminate on the date that is five years after the date of the enactment of this section.

.