[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3847 Introduced in House (IH)]

113th CONGRESS
  2d Session
                                H. R. 3847

  To require the Secretary of Homeland Security the responsibility to 
develop and provide to the Secretary of Health and Human Services risk-
   based, performance-based cybersecurity standards for the Federal 
 information technology requirements under the Patient Protection and 
  Affordable Care Act, including the healthcare.gov website, and for 
                            other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            January 10, 2014

  Mr. Barber (for himself, Mr. Daines, and Ms. Sinema) introduced the 
   following bill; which was referred to the Committee on Energy and 
Commerce, and in addition to the Committee on Oversight and Government 
 Reform, for a period to be subsequently determined by the Speaker, in 
   each case for consideration of such provisions as fall within the 
                jurisdiction of the committee concerned

_______________________________________________________________________

                                 A BILL


 
  To require the Secretary of Homeland Security the responsibility to 
develop and provide to the Secretary of Health and Human Services risk-
   based, performance-based cybersecurity standards for the Federal 
 information technology requirements under the Patient Protection and 
  Affordable Care Act, including the healthcare.gov website, and for 
                            other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cyber Awareness and Recovery 
Enhancement Act of 2013'' or the ``CARE Act of 2013''.

SEC. 2. CYBERSECURITY FOR HEALTHCARE.GOV WEBSITE.

    (a) In General.--Notwithstanding the requirements of the Federal 
Information Security Management Act of 2002 (44 U.S.C. 3531 et seq.) or 
any other provision of law, not later than 90 days after the date of 
the enactment of this Act, the Secretary of Homeland Security shall 
develop and provide to the Secretary of Health and Human Services risk-
based, performance-based cybersecurity standards for the Federal 
information technology requirements under the Patient Protection and 
Affordable Care Act (Public Law 111-148), including the healthcare.gov 
website (or any successor website). Such standards shall be based on 
cybersecurity best practices, and on homeland security information that 
the Secretary of Homeland Security has collected, analyzed, and 
disseminated about cyber threats, vulnerabilities, and consequences.
    (b) Consultation.--In carrying out the cybersecurity standards 
described in subsection (a), the Secretary of Homeland Security shall 
consult with the Secretary of Health and Human Services.
    (c) Implementation and Enforcement.--Not later than 90 days after 
receiving the cybersecurity standards described in subsection (a), the 
Secretary of Health and Human Services shall adopt and implement such 
cybersecurity standards.
    (d) Enforcement.--The Secretary of Health and Human Services shall 
submit to Congress an annual report on cyber incidents relating to the 
Federal information technology requirements under the Patient 
Protection and Affordable Care Act, including the healthcare.gov 
website (or any successor website).
                                 <all>