3.0.0 3313 2023-01-11T13:30:21Z 2023-01-11T13:30:21Z House HR 2015-07-29 114 [Congressional Record Volume 161, Number 121 (Wednesday, July 29, 2015)]From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]By Mr. McCAUL:H.R. 3313.Congress has the power to enact this legislation pursuantto the following:Article I, Section 8, Clause 18--To make all Laws whichshall be necessary and proper for carrying into Execution theforegoing Powers, and all other Powers vested by thisConstitution in the Government of the United States, or inany Department or Officer thereof.[Page H5771]]]> hshm00 Homeland Security Committee House Standing hshm08 Cybersecurity and Infrastructure Protection Subcommittee Referred to 2015-08-11T13:50:18Z Referred to 2015-07-29T14:22:20Z hsgo00 Oversight and Accountability Committee House Standing Referred to 2015-07-29T14:22:15Z Federal Information Security Management Reform Act of 2015 114 1828 S 2015-07-22 Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (Sponsor introductory remarks on measure: CR S5456-5458) Related bill CRS Federal Information Security Management Reform Act of 2015 114 3402 HR 2015-07-29 Referred to the House Committee on Oversight and Government Reform. Related bill CRS 2015-08-11 hshm08 Cybersecurity and Infrastructure Protection Subcommittee 1 House committee actions Referred to the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. Committee 2015-07-29 Referred to the Committee on Oversight and Government Reform, and in addition to the Committee on Homeland Security, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned. IntroReferral H11100 2 House floor actions hshm00 Homeland Security Committee 2015-07-29 Referred to the Committee on Oversight and Government Reform, and in addition to the Committee on Homeland Security, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned. IntroReferral H11100-A 9 Library of Congress 2015-07-29 Referred to the Committee on Oversight and Government Reform, and in addition to the Committee on Homeland Security, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned. IntroReferral H11100 2 House floor actions hsgo00 Oversight and Accountability Committee 2015-07-29 Introduced in House IntroReferral Intro-H 9 Library of Congress 2015-07-29 Introduced in House IntroReferral 1000 9 Library of Congress M001157 Rep. McCaul, Michael T. [R-TX-10] Michael McCaul R TX T. 10 N R000601 Rep. Ratcliffe, John [R-TX-4] John Ratcliffe R TX 4 2015-07-29 True Government Operations and Politics Computer security and identity theft Computers and information technology Congressional oversight Government information and archives Government studies and investigations Performance measurement Technology assessment Terrorism Government Operations and Politics 00 2015-07-29 Introduced in House 2015-08-24T20:38:43Z Cyber Defense of Federal Networks Act of 2015

Amends the Homeland Security Act of 2002 to require the Department of Homeland Security (DHS), in coordination with the Office of Management and Budget (OMB), to implement plans to: (1) detect, identify, and remove intruders in federal agencies' information systems; and (2) make advanced network security tools available for agencies to improve visibility of network activity to detect and mitigate intrusions and anomalous activity.

Directs DHS to coordinate with the OMB to: (1) update government information security metrics to include measures of intrusion and incident detection and response times, and (2) display additional metrics about agency cybersecurity postures on federal government performance websites.

Authorizes DHS, upon an agency's request, to operate and maintain technology that is deployed to agencies to diagnose and mitigate cyber threats and vulnerabilities.

Requires DHS to regularly assess and require implementation of best practices for securing agency information systems and preventing data exfiltration.

Redefines for purposes of DHS's national cybersecurity and communications integration center: (1) "cybersecurity risk" to exclude actions that solely involve a violation of a consumer term of service or a consumer licensing agreement; and (2) "incident" to include occurrences that actually or imminently jeopardize, without lawful authority, an information system, thereby replacing a standard that currently includes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.

Requires DHS to assist agencies in implementing information security practices by: (1) providing incident detection, analysis, mitigation, and response information, disseminating related homeland security information, and providing remote or onsite technical assistance; (2) developing and conducting impact assessments in consultation with other governmental and private entities; (3) assessing and fostering technologies for use across multiple agencies; and (4) ensuring that policies are coordinated with standards for national security systems and policies of the Department of Defense (DOD) and the Director of National Intelligence.

Authorizes the DHS Secretary to: (1) issue a directive to an agency to take any lawful action with respect to the operation of an agency's information system in response to a known or reasonably suspected information security threat, vulnerability, risk, or incident, including an act of terrorism, that represents a substantial threat to information security; or (2) authorize, without prior consultation with the affected agency, the use of protective capabilities under the Secretary's control for communications or system traffic transiting to or from or stored on an agency information system if there is an imminent threat and a directive is unlikely to be timely.

Exempts DOD and the intelligence community from such procedures.

]]> Cyber Defense of Federal Networks Act of 2015 Display Title Cyber Defense of Federal Networks Act of 2015 Official Title as Introduced To amend the Homeland Security Act of 2002 to strengthen the ability of the Secretary of Homeland Security to detect and prevent intrusions against, and to use countermeasures to protect, agency information systems, and for other purposes. Introduced in House IH Short Titles as Introduced Cyber Defense of Federal Networks Act of 2015 Introduced in House 2015-07-29T04:00:00Z https://www.govinfo.gov/content/pkg/BILLS-114hr3313ih/xml/BILLS-114hr3313ih.xml 2015-08-11 Referred to the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain. Congressional Research Service, Library of Congress This file contains bill summaries and statuses for federal legislation. A bill summary describes the most significant provisions of a piece of legislation and details the effects the legislative text may have on current law and federal programs. Bill summaries are authored by the Congressional Research Service (CRS) of the Library of Congress. As stated in Public Law 91-510 (2 USC 166 (d)(6)), one of the duties of CRS is "to prepare summaries and digests of bills and resolutions of a public general nature introduced in the Senate or House of Representatives". For more information, refer to the User Guide that accompanies this file.