

111 HR 3847 IH: Cyber Awareness and Recovery Enhancement Act of 2013
U.S. House of Representatives
2014-01-10
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



I113th CONGRESS2d SessionH. R. 3847IN THE HOUSE OF REPRESENTATIVESJanuary 10, 2014Mr. Barber (for himself, Mr. Daines, and Ms. Sinema) introduced the following bill; which was referred to the Committee on Energy and Commerce, and in addition to the Committee on Oversight and Government Reform, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concernedA BILLTo require the Secretary of Homeland Security the responsibility to develop and provide to the Secretary of Health and Human Services risk-based, performance-based cybersecurity standards for the Federal information technology requirements under the Patient Protection and Affordable Care Act, including the healthcare.gov website, and for other purposes.1.Short titleThis Act may be cited as the Cyber Awareness and Recovery Enhancement Act of 2013 or the CARE Act of 2013.2.Cybersecurity for healthcare.gov website(a)In generalNotwithstanding the requirements of the Federal Information Security Management Act of 2002 (44 U.S.C. 3531 et seq.) or any other provision of law, not later than 90 days after the date of the enactment of this Act, the Secretary of Homeland Security shall develop and provide to the Secretary of Health and Human Services risk-based, performance-based cybersecurity standards for the Federal information technology requirements under the Patient Protection and Affordable Care Act (Public Law 111–148), including the healthcare.gov website (or any successor website). Such standards shall be based on cybersecurity best practices, and on homeland security information that the Secretary of Homeland Security has collected, analyzed, and disseminated about cyber threats, vulnerabilities, and consequences.(b)ConsultationIn carrying out the cybersecurity standards described in subsection (a), the Secretary of Homeland Security shall consult with the Secretary of Health and Human Services.(c)Implementation and enforcementNot later than 90 days after receiving the cybersecurity standards described in subsection (a), the Secretary of Health and Human Services shall adopt and implement such cybersecurity standards.(d)EnforcementThe Secretary of Health and Human Services shall submit to Congress an annual report on cyber incidents relating to the Federal information technology requirements under the Patient Protection and Affordable Care Act, including the healthcare.gov website (or any successor website).