

115 S2844 RS: STB Information Security Improvement Act
U.S. Senate
2018-05-15
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



IICalendar No. 556115th CONGRESS2d SessionS. 2844[Report No. 115–322]IN THE SENATE OF THE UNITED STATESMay 15, 2018Mr. Thune introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and TransportationAugust 16, 2018Reported by Mr. Thune, without amendmentA BILLTo require the Surface Transportation Board to implement certain recommendations of the Inspector
			 General of the Department of Transportation.
	
 1.Short titleThis Act may be cited as the STB Information Security Improvement Act. 2.Requirements (a)In generalThe Surface Transportation Board (in this section referred to as the STB) shall develop a timeline and plan to implement the recommendations of the Inspector General of the Department of Transportation in Report No. FI2018002, including improvements—
 (1)to identify controls, including risk management, weakness remediation, and security authorization; (2)to protect controls, including configuration management, user identity and access management, and security training;
 (3)to detect controls, including continuous monitoring; (4)to respond controls, including incident handling and reporting;
 (5)to recover controls for contingency planning; and (6)to such other tools that would implement the recommendations in the report.
				(b)Implementation
 (1)In generalNot later than 180 days after the date of enactment of this Act, the STB shall submit the plan and timeline developed under subsection (a) to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Transportation and Infrastructure of the House of Representatives.
 (2)ReportThe STB shall report annually to such Committees on the progress on implementation of the recommendations until the implementation is complete.
 (3)Plan implementationThe STB shall designate an individual to implement the plan developed under subsection (a). 3.No additional funds authorizedNo additional funds are authorized to carry out the requirements of this Act. Such requirements shall be carried out using amounts otherwise authorized.August 16, 2018Reported without amendment