3.0.0 3402 2023-01-11T13:30:17Z 2023-01-11T13:30:17Z House HR 2015-07-29 114 [Congressional Record Volume 161, Number 121 (Wednesday, July 29, 2015)]From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]By Mr. RUPPERSBERGER:H.R. 3402.Congress has the power to enact this legislation pursuantto the following:Article I, Sec. clause 3, the Commerce Clause.[Page H5774]]]> hsgo00 Oversight and Accountability Committee House Standing Referred to 2015-07-29T14:11:15Z Federal Information Security Management Reform Act of 2015 114 1828 S 2015-07-22 Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (Sponsor introductory remarks on measure: CR S5456-5458) Identical bill CRS Cyber Defense of Federal Networks Act of 2015 114 3313 HR 2015-08-11 Referred to the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. Related bill CRS 2015-07-29 Referred to the House Committee on Oversight and Government Reform. IntroReferral H11100 2 House floor actions hsgo00 Oversight and Accountability Committee 2015-07-29 Introduced in House IntroReferral Intro-H 9 Library of Congress 2015-07-29 Introduced in House IntroReferral 1000 9 Library of Congress R000576 Rep. Ruppersberger, C. A. Dutch [D-MD-2] C. A. Ruppersberger D MD Dutch 2 N Government Operations and Politics Administrative law and regulatory procedures Computer security and identity theft Criminal investigation, prosecution, interrogation Department of Homeland Security Government information and archives Technology assessment Government Operations and Politics 00 2015-07-29 Introduced in House 2015-08-24T21:00:18Z Federal Information Security Management Reform Act of 2015

Requires the Department of Homeland Security (DHS), in administering federal agencies' implementation of information system security policies, to: (1) operate consolidated intrusion detection, prevention, or protective capabilities and use of associated countermeasures to protect agency information and systems from security threats; (2) provide incident detection, analysis, mitigation, and response information and remote or onsite technical assistance; (3) develop and conduct impact assessments in consultation with other agencies and private entities; (4) foster development of technologies for use across multiple agencies in conjunction with other agencies and the private sector; and (5) coordinate such information security policies with standards for national security systems and policies issued by the Department of Defense (DOD) and the Director of National Intelligence.

Authorizes the DHS Secretary to acquire, intercept, retain, use, and disclose communications and system traffic transiting to or from or stored on agency information systems and deploy countermeasures if the Secretary certifies that: (1) the measures are reasonably necessary to protect agency information systems from security threats; (2) content of communications will not be retained, and traffic will not be subject to countermeasures, unless associated with a known or reasonably suspected information security threat; (3) the information will be used for law enforcement purposes only with the Attorney General's approval when the information is evidence of a crime; (4) system users have been notified of the potential for such an acquisition or disclosure; and (5) the procedures have been approved by the Attorney General.

Allows agency heads to disclose such information to the Secretary notwithstanding any other law that would otherwise restrict or prevent such disclosures. Provides liability protections to private entities authorized to assist the Secretary for such purposes.

Authorizes the Secretary to: (1) issue a directive to an agency to take any lawful action with respect to the operation of a system that maintains agency information in response to a known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to an agency's information security; or (2) authorize, without prior consultation with the affected agency, the use of protective capabilities under the Secretary's control if there is an imminent threat and a directive is unlikely to be timely.

Exempts DOD and the intelligence community from such procedures.

]]> Federal Information Security Management Reform Act of 2015 Display Title Federal Information Security Management Reform Act of 2015 Official Title as Introduced To strengthen the ability of the Secretary of Homeland Security to detect and prevent intrusions against, and to use countermeasures to protect, government agency information systems and for other purposes. Introduced in House IH Short Titles as Introduced Federal Information Security Management Reform Act of 2015 Introduced in House 2015-07-29T04:00:00Z https://www.govinfo.gov/content/pkg/BILLS-114hr3402ih/xml/BILLS-114hr3402ih.xml 2015-07-29 Referred to the House Committee on Oversight and Government Reform. text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain. Congressional Research Service, Library of Congress This file contains bill summaries and statuses for federal legislation. A bill summary describes the most significant provisions of a piece of legislation and details the effects the legislative text may have on current law and federal programs. Bill summaries are authored by the Congressional Research Service (CRS) of the Library of Congress. As stated in Public Law 91-510 (2 USC 166 (d)(6)), one of the duties of CRS is "to prepare summaries and digests of bills and resolutions of a public general nature introduced in the Senate or House of Representatives". For more information, refer to the User Guide that accompanies this file.